To what level do you personally scrutinize links in emails?

Post date: 2019-07-18 09:18:44

When you receive an email with a link in it, what is your process for determining if it's safe to click on? I'm familiar with basic security policies like "don't click on links from senders you don't know" but what, if anything, should or could be done beyond that?

(I realize my question is coming from a place of anxiety. I'm working on that.)

About an hour ago I received an email from Google (no-reply@accounts.google.com) notifying me that one of my secondary email accounts was deleted* due to a Terms of Service violation. Part of the email contained the text "To attempt to restore access to the account, please visit our account recovery page immediately." where account recovery page was a link to a webpage beginning with accounts.google.com.

I gave some thought as to whether I should click on the link or not. The email address where I received the email is my primary email address and the primary and the secondary address were both listed in the text of the email. The sender email address matched the the sender of other security emails I've received from Google (although I'm aware that sender email addresses can be spoofed). The Mailed By and Signed By values also matched other security emails sent by Google. I hovered over the link and saw that it went to accounts.google.com. I logged into my primary email/Google account to see if there was a way to start the account recovery process without clicking the link but I didn't find one.

The end result is that I clicked on the link. (After confirming that 2 factor authentication was enabled on my primary Google account.) The webpage was unable to help me recover my secondary email account but beyond that I'm having trouble shaking the feeling that I shouldn't have clicked on the link at all. (Additional factor probably being that I checked this email in a browser on my work computer and would hate to think I compromised my fairly new work computer.) I was able to see the URL and could have entered it manually to go to the webpage.

TLDR, and the main actual question: what is your personal process for determining if a link in an email is safe to click on? Beyond the basic advice about phishing emails, how do you stay vigilant against potentially malicious links? Does this process differ when using your phone or your computer?

I find myself becoming more and more suspicious of any links in emails but they are an unavoidable part of personal and business emails so I must find better ways of managing both the actual potential threat and the anxiety around not being safe enough.

Thank you for your time.

*(The deletion is a whole other story. It was an email account I set up to sign up for a Twitter account. The purpose of the Twitter account was to write parody weather report tweets. It's an odd situation I've never encountered before but it will be okay if I can't recover the email account.)

Please click Here to read the full story.