I was just watching Security Now #494, around the 85 minute mark, and there was a question about the safety of clicking on email links. (I’ve added the video at the bottom).
Steve Gibson’s answer in five words is this – “Don’t Click on Email Links.”
His summation is this: Even if you can see the link show up in the bottom of the screen, that actually doesn’t tell you what is going to happen when you click on the link. Here’s an example below. As I hover my mouse over the eHarmony ad, the link is actually taking me somewhere else.
Unfortunately, knowing that is not enough. Java Script has a “OnClick” function that takes precedence over what is shown on the bottom screen. They even mention that right-clicking on the link to copy and paste the link could execute code.
The only way to be sure where you are going is to go to the Source Code of the email and copy and paste that URL into your browser.
Since most people don’t know how to do that, it’s safest to just never click on email links. ALSO – don’t click on Unsubscribe links as these can take you to the same bad website.
Here’s what the IRS says about Phishing emails.