Good question, but the answer is you can’t really trust the URL that appears in the status bar at the bottom of your email program or web browser.
There are several reasons why. Let’s talk about a couple of them.
The status line can be programmed
The most important and worrisome reason is that the authors of the web page (or the email that you’re viewing) can actually code the link to display something different in the status line when you view it.
Normally, if the website authors do nothing, the default is that the URL displays in the status line. But with HTML, website authors can actually code the link to display anything – even a phrase.
For instance, if you’re hovering over a link on askleo.com, I could add code to the link so the status line would read, “Click_to_go_to_Ask_Leo!” No URL would be visible when you hovered over it. (Your browser might ignore that coding and still show the destination, depending on the browser and its approach to security.)
The only way to be able to determine if the URL in the status line is accurate is to look at the HTML source code for the web page. But that’s not something the average user should be expected to do.
Links can be shortened
Now, there is a scenario where a link takes you to a different place than what appears in the status bar. Some senders use link shortening services, such as TinyURL, Bit.ly, Google (whose service is called goo.gl), or others. These sites take a very long URL and shorten it. The short link redirects you to the location of the long URL. For example, if you go to the URL go.askleo.com/ms, you go to the Microsoft.com website.
In some cases, this is legitimate and relatively safe. If you click on go.askleo.com, it is askleo.com that had to set that up. If you trust askleo.com, it’s clear that you’re going someplace relatively safe.
Nonetheless, you should be concerned. Hackers sometimes use link shortening services to hide malicious links, but it is possible to preview the link before you open the page.
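Checking the HTML source, as described in the status line section above, can be automated. This Python sketch is an added example, not code from the original article: it reads the real destination of every link in a page or email body and flags script handlers on the link, visible text that names a different host than the link goes to, and the shortening services named above. The sample markup, the flag names, and treating any `on...` attribute as suspicious are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
SHORTENERS = {"tinyurl.com", "bit.ly", "goo.gl"}  # services named in the article
# Constructed sample markup, not taken from any real page or message.
SAMPLE = """
<a href="https://askleo.com/">Ask Leo!</a>
<a href="http://login.example.net/x" onmouseover="window.status='Click_to_go_to_Ask_Leo!';return true">Click here</a>
<a href="http://login.example.net/x">www.mybank.example</a>
<a href="https://bit.ly/PLACEHOLDER">Read more</a>
"""

def host_of(text):
    """Return the hostname if text looks like a URL or bare domain, else ''."""
    text = text.strip()
    if " " in text or "." not in text:
        return ""
    host = (urlparse(text if "://" in text else "http://" + text).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):  # collects each <a> tag's href, visible text and flags
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        attrs = dict(attrs)
        self._cur = {"href": attrs.get("href") or "", "text": "", "flags": []}
        # Any on* handler lets script change what a hover or click shows or does.
        if any(name.startswith("on") for name in attrs):
            self._cur["flags"].append("script-handler")
    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data
    def handle_endtag(self, tag):
        if tag != "a" or self._cur is None:
            return
        link, self._cur = self._cur, None
        real, shown = host_of(link["href"]), host_of(link["text"])
        if shown and shown != real:  # text claims one site, href goes to another
            link["flags"].append("text-host-mismatch")
        if real in SHORTENERS:  # final destination is hidden behind a redirect
            link["flags"].append("shortener")
        self.links.append(link)

def audit(html):
    """Return one dict per link: real href, visible text and warning flags."""
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.links
```

Calling `audit(SAMPLE)` returns the four links in order; only the first comes back with no flags. A `shortener` flag means the destination is unknown until the short link is previewed, not that the link is malicious.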
Be careful with links
Ultimately, this is why I say what I do about links so often. It all comes down to how much you trust the sender and how sure you are that it’s really from them. Is the email address one that you recognize? Does the sender’s name match? What if the sender’s account has been hacked and the hacker is sending messages with malicious links in them?
That’s how and why hackers crack into email accounts. The hacker’s success relies on the trust inherent in the relationship between the sender and their contacts. For this reason, you need to always determine the validity and safety of the link before you click on it.
If you click on it at all, that is.