Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    eBook    Contact
Bookmark and Share

Check Links in HTML Emails

A favourite scammer's trick is to use HTML to disguise email links so that they appear more legitimate.

A recent phishing scam email that targeted the Abbey bank illustrates this technique. The scam email fraudulently requested recipients to "upgrade their account" and included the following instruction:
To get started, please click the link below: /signon?LOB=CONS&screenid =
At first glance, the link may appear legitimate since it seemingly contains the genuine web address of the Abbey bank. However, the scammers have used very simple HTML to hide the real destination of the link while displaying the genuine looking bank address. In fact, the following (sanitized) scam site link was hidden behind the apparent Abbey Bank URL that was visible in the message:
Thus, an unwary recipient may obey the instruction in the scam message and click on the seemingly genuine bank link. However, the link will actually open a fake website that looks just like the real Abbey bank login page.

Therefore, if you choose to receive email in HTML format, it is always a good idea to check the real destination of any links in the messages. Holding the mouse cursor over a link in the email should display the underlying web address in your email client's status bar and allow you to easily detect if the link is disguised. This is a very simple and easy way to check email links.

In most cases, the status bar will reveal the real link. However, scammers can sometimes thwart this as well by clever use of HTML code. A more foolproof method of checking links is to check the actual source code of the message.

To check the Message Source in Outlook Express:
  1. Click the message whose source code you want to view.
  2. Click "Properties" on the File menu.
  3. Click the "Details" tab and then click "Message Source".

In Outlook Express, you can also key in "Control + F2" to open the source code of the message in Notepad.

If you use another email client, check the Help Files to learn how to view message source code.

For those unfamiliar with HTML, the source code may seem a little confusing. However, it should not be too hard to locate the link you are searching for. If the link is disguised as explained above, you may see something similar to the following (with "<>" instead of "[]"):
[a href = http :/ / minder/Logon/Logon.htm] /signon?LOB=CONS&screenid = [a]
As you can see, it is neither difficult nor time consuming to check the real destination of email links and it is well worth fostering this habit. Of course, scammers use many nasty tactics and checking links alone will not always be enough to identify a scam message. Nevertheless, using this simple technique can certainly help you protect yourself from Internet scammers.

Last updated: 30th November 2006
First published: 30th November 2006

Write-up by Brett M.Christensen