Suspicious Links: Before You Click
A repeatable procedure for reading domains, shortened links, QR codes and safer alternatives before clicking.
Objectives and practical frame
At the end of this module, you will be able to:
- 01
read domains and subdomains
- 02
recognize shortened or disguised links
- 03
handle qr codes carefully
- 04
choose safer access paths
9.1 Introduction
This section focuses on introduction in practical terms: what is being requested, what data or access is involved and what could go wrong if the action is rushed.
The useful habit is to connect details instead of checking them in isolation. Context, channel, timing, destination and consequences provide a clearer picture of risk.
The moment before clicking is a practical control point. This module turns link checks into a repeatable procedure: real domain, subdomains, shortened URLs, QR codes, HTTPS, context and safer alternatives.
9.2 Where links can come from
This section focuses on where links can come from before the click. The useful skill is understanding where the action will really lead, not only what the visible text says.
For sensitive services, avoid relying on received links. Use the official app, a bookmark, a known address or an independently verified path.
A safe click starts with domain awareness and context
A safe click starts with domain awareness and context. For sensitive services, the safest link is often no link at all: use the official app or a known address.
9.3 Why links are dangerous
This section focuses on why links are dangerous before the click. The useful skill is understanding where the action will really lead, not only what the visible text says.
For sensitive services, avoid relying on received links. Use the official app, a bookmark, a known address or an independently verified path.
9.4 The visible link text can mislead
This section focuses on the visible link text can mislead before the click. The useful skill is understanding where the action will really lead, not only what the visible text says.
For sensitive services, avoid relying on received links. Use the official app, a bookmark, a known address or an independently verified path.
9.5 Understanding the structure of a web address
This section focuses on understanding the structure of a web address in practical terms: what is being requested, what data or access is involved and what could go wrong if the action is rushed.
The useful habit is to connect details instead of checking them in isolation. Context, channel, timing, destination and consequences provide a clearer picture of risk.
9.5.1 Main domain and subdomain
This detail focuses on main domain and subdomain before the click. The useful skill is understanding where the action will really lead, not only what the visible text says.
For sensitive services, avoid relying on received links. Use the official app, a bookmark, a known address or an independently verified path.
9.5.2 HTTPS does not automatically mean safe
This detail focuses on https does not automatically mean safe before the click. The useful skill is understanding where the action will really lead, not only what the visible text says.
For sensitive services, avoid relying on received links. Use the official app, a bookmark, a known address or an independently verified path.
9.5.3 Deceptive domains
This detail focuses on deceptive domains before the click. The useful skill is understanding where the action will really lead, not only what the visible text says.
For sensitive services, avoid relying on received links. Use the official app, a bookmark, a known address or an independently verified path.
9.5.4 Misleading subdomains
This detail focuses on misleading subdomains before the click. The useful skill is understanding where the action will really lead, not only what the visible text says.
For sensitive services, avoid relying on received links. Use the official app, a bookmark, a known address or an independently verified path.
9.5.5 Shortened URLs
This detail focuses on shortened urls before the click. The useful skill is understanding where the action will really lead, not only what the visible text says.
For sensitive services, avoid relying on received links. Use the official app, a bookmark, a known address or an independently verified path.
9.5.6 Links in search engine results
This detail focuses on links in search engine results before the click. The useful skill is understanding where the action will really lead, not only what the visible text says.
For sensitive services, avoid relying on received links. Use the official app, a bookmark, a known address or an independently verified path.
9.5.7 Links in PDF, Word and presentation documents
This detail focuses on links in pdf, word and presentation documents before the click. The useful skill is understanding where the action will really lead, not only what the visible text says.
For sensitive services, avoid relying on received links. Use the official app, a bookmark, a known address or an independently verified path.
9.5.8 Links in business chats and calendars
This detail focuses on links in business chats and calendars before the click. The useful skill is understanding where the action will really lead, not only what the visible text says.
For sensitive services, avoid relying on received links. Use the official app, a bookmark, a known address or an independently verified path.
9.5.10 Links received by SMS: strict rule
This detail focuses on links received by sms: strict rule before the click. The useful skill is understanding where the action will really lead, not only what the visible text says.
For sensitive services, avoid relying on received links. Use the official app, a bookmark, a known address or an independently verified path.
9.5.11 Links received from people you know
This detail focuses on links received from people you know before the click. The useful skill is understanding where the action will really lead, not only what the visible text says.
For sensitive services, avoid relying on received links. Use the official app, a bookmark, a known address or an independently verified path.
9.6 Practical procedure: I receive a link, what do I do?
This section focuses on practical procedure: i receive a link, what do i do? before the click. The useful skill is understanding where the action will really lead, not only what the visible text says.
For sensitive services, avoid relying on received links. Use the official app, a bookmark, a known address or an independently verified path.
9.6.1 What to do if you have already clicked
This detail focuses on what to do if you have already clicked as an incident response situation where the first minutes matter.
The priority is to stop additional damage, preserve useful evidence, write down what happened and report through the right channel instead of improvising under pressure.
9.7 Good habits for reducing risk
This section focuses on good habits for reducing risk in practical terms: what is being requested, what data or access is involved and what could go wrong if the action is rushed.
The useful habit is to connect details instead of checking them in isolation. Context, channel, timing, destination and consequences provide a clearer picture of risk.
HTTPS only means the connection is encrypted; it does not prove the site is trustworthy.
Clicking because the message looks urgent.
Type the known address or use the official app for sensitive services.
URL inspection
Inspect sample URLs and mark the real domain, the subdomain and the part that is only path or tracking text.
A safe click starts with domain awareness and context. For sensitive services, the safest link is often no link at all: use the official app or a known address.