A warning about hijacked hyperlinks

We're all familiar with hyperlinks. By default, Office applications automatically create a hyperlink if you type http://www. They're convenient, they're fun, they're cool — they can be dangerous. Be careful when including hyperlinks in a document. They're easy to hijack!

Someone you don't even know can alter the hyperlink and then forward it. The subsequent and unsuspecting recipients might get phished, sent to an adult content site, or hit by malicious spyware — all that from a simple hyperlink you provided as a convenience.

It's real — all someone has to do is edit the hyperlink and forward it.

The key is awareness, and fortunately, prevention is simple. To stop a hyperlink hijack in an Office document, protect the document before you share it. For example, to protect a Word document, choose Protect Document from the Tools menu and check the appropriate settings. After protecting the document, no one can alter the hyperlink's address. (This process requires a password, so be careful. If you forget the password, you won't be able to change the document either.)

Unfortunately, even a protected document won't stop a determined hijacker, but this extra step just might make them toss your file aside for an easier target.

If you receive a file that contains a hyperlink, right-click the link before clicking it. Doing so will display the link's Web address. If the address looks suspicious, don't click the link!


Susan Sales Harkins is an IT consultant, specializing in desktop solutions. Previously, she was editor in chief for The Cobb Group, the world's largest publisher of technical journals.

Editor's Picks