You Clicked on an Ad.

It's a good thing this wasn't real.

Ads on reputable news sites are generally fine. The problem is that not every ad on a reputable site comes from a reputable advertiser — and it can be difficult to tell the difference before you click. This one went somewhere safe. That is not always the case.

A suspicious ad might have:

• Taken you to a convincing login page for your bank, your email, or your employer's VPN.
• Immediately begun downloading a file with a name like Invoice_March_Final_FINAL(3).pdf.exe.
• Presented you with a survey offering a $500 gift card in exchange for your address, date of birth, and the last four digits of your Social Security number.
• Simply played a very loud sound.

None of those things happened. But now you know what "fine" felt like for a moment there, and that feeling is worth keeping.

How to spot a suspicious ad

Before clicking, hover over an ad and check the URL in your browser's status bar. Legitimate advertisers link to their own domains. If the destination looks unrelated to what the ad is selling, or contains a long chain of tracking subdomains you don't recognize, think twice. Urgency and scarcity ("Act now," "Only 3 left," "Your account has been compromised") are reliable warning signs. So is any prize you didn't enter to win.

If you're ever genuinely unsure whether a link is safe, you can paste it into VirusTotal before clicking. It takes about four seconds and has saved people from outcomes considerably worse than a Rick Astley video.