
A Trivial, Dangerous, False Assumption on Links

I can recognize a scam email or SMS when I see one. Anyway, I realized that there is a simple URL trick (sometimes used by scammers) that always catches me off guard. It is based upon a particular encoding of URLs that is clearly explained in this short Wikipedia page:

https://en.wikipedia.org/wiki/Percent-encoding

Take your time to read it, I’ll wait here.


Have you followed the link? Did you notice? Well, in case you didn’t, the link doesn’t bring you to Wikipedia, but to another page of my blog.

Of course, the trick simply consists in a discrepancy between the actual link text and its “href” attribute. It may as well be the oldest URL trick in the world.

Still, when my mind sees a link with a generic text (e.g. “click here”) it usually alerts me to check where that link points to. On the other hand, when it sees a link with a URL as text, my mind automatically believes that that URL is also the page the link points to.

I think this trick has always been deceptive, but I also believe it has become more dangerous in recent years due to WhatsApp and a bunch of other apps that share the same characteristic: in these apps, the text of a link is always also the URL it points to. So, every day, we strengthen the assumption that link text equals link URL, which is true in some cases, but false in general.

To wrap up, just be conscious of the platform you’re on and be aware of your false assumptions: otherwise even the simplest tricks may work on you.
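The check your eyes skip can be automated, for example in a mail filter or a content review step. The following is an added example, not code from this blog: it parses HTML and reports every anchor whose visible text looks like a URL while its `href` resolves to a different host. The names `find_deceptive_links` and `LinkAuditor`, the placeholder host `blog.example`, and the exact-host comparison are assumptions of this sketch.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Heuristic (assumption of this example): visible text that is a URL or bare domain.
URL_LIKE = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/?#]\S*)?$", re.I)

def host_of(url):
    """Lower-cased hostname without a leading 'www.'; '' when there is none."""
    if url.startswith("//"):
        url = "http:" + url            # scheme-relative reference
    elif "://" not in url:
        url = "http://" + url          # bare "example.org/path" as typed in link text
    try:
        return re.sub(r"^www\.", "", (urlsplit(url).hostname or "").rstrip("."))
    except ValueError:                 # malformed authority, e.g. broken IPv6 brackets
        return ""

class LinkAuditor(HTMLParser):  # flags <a> whose URL-looking text names another host
    def __init__(self, base_url=""):
        super().__init__(convert_charrefs=True)
        self.base_url, self.mismatches = base_url, []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:     # only collect text while inside an <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = "".join(self._text).strip()
            target = urljoin(self.base_url, self._href)   # resolve relative hrefs
            if URL_LIKE.match(text) and host_of(text) != host_of(target):
                self.mismatches.append((text, target))
            self._href = None

def find_deceptive_links(html, base_url=""):
    auditor = LinkAuditor(base_url)
    auditor.feed(html)
    auditor.close()
    return auditor.mismatches

# Constructed sample: blog.example is a placeholder host, not the author's blog.
SAMPLE = """<a href="/other-post">https://en.wikipedia.org/wiki/Percent-encoding</a>
<a href="https://en.wikipedia.org/wiki/URL">en.wikipedia.org/wiki/URL</a>
<a href="https://blog.example/contact">click here</a>"""
```

Calling `find_deceptive_links(SAMPLE, "https://blog.example/")` reports only the first anchor; the comparison is on exact hostnames, so a link whose text and target sit on different subdomains of the same site is reported too.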


Hi reader! I just want to remind you that if you want to let me know your opinion and discuss this article, you can simply email me. Interesting discussions may be posted in this section!

This post has been publicly discussed on lobste.rs.

P.S. Stay tuned, more posts coming in the next months…


Police ASCII art made by Joan G. Stark.


