What does a phishing link look like? How to check links safely

There seems to be no end to fake emails that are cleverly designed to look like real messages from legitimate companies. As these phishing scams grow more convincing, how can you tell the fakes from the real thing? One line of defense: Learning how to spot a phishing link.
Hand holding smartphone next to laptop keyboard
To protect yourself from phishing, learn how to preview suspicious links on your smartphone and laptop

What is a phishing link?

“Phishing” is a scam designed to steal personal data and/or gain access to sensitive online accounts, either by tricking you into revealing the information or by installing malicious software on your device to steal it. One widespread form of phishing is emails sent by scammers containing hyperlinks to fraudulent websites. Such hyperlinks are often referred to as “phishing links.”

What do phishing links do?

When clicked, they can direct you to a fake page designed to trick you into entering passwords, credit card numbers, or other personal data that can be used by the scammer. Or they can trigger the download of malware to your device.
 
If you’d like a refresher on phishing, check out our explainer: Phishing emails: How to protect yourself

How to check a link for phishing

In an email, a link will usually appear as blue, underlined text, like this link to our blog page, or as a button with text on it. This is called the hypertext, anchor text, or link text. However, the words of the link text do not always tell you what will actually happen if you click (or tap) on it. That’s why it’s important to look at the real destination – the web address, also called a URL – before you decide whether or not to open it.
 
If you’d like to read more about URLs, see our deep dive: Is a URL the same as a link? URLs and web addresses explained

So, how do you check a link safely? This depends on what kind of device you are using:

How to detect a phishing link on a computer or laptop

When you hover over the hypertext or button with your mouse cursor, the URL behind it will be displayed – sometimes in a status bar at the bottom of your screen, sometimes as a small pop-up next to the cursor. (The location will vary depending on your email or web browser program.)

After decades of computer use, many of us know this mouse-cursor trick already. But what if you are using a device without a mouse – e.g., how do you check links on your smartphone without opening them?

How to check a phishing link on an iPhone

Follow these steps to preview links on your iPhone. By default, this should work in all Apple apps like Mail, Safari, etc. – and it will also work in many third-party apps like the mail.com app for iOS.
  1. Open an email that contains a hyperlink
  2. Place your finger on the link and hold it there (long press)
  3. A window with a link preview will appear (it is now safe to remove your finger)
  4. If you examine the link and know the website is legitimate, you can tap the preview to open it
  5. In addition to opening the link, there are options to copy or share it
  6. To close the preview window without opening the link, simply tap somewhere else on your screen

How to preview links on an Android device

Although Android devices can vary depending on the model and version, the link preview function will work along the same principle:
  1. Open an email or the Chrome web browser and locate the hyperlink you’d like to preview
  2. Place your finger on the hypertext and hold it there
  3. On the context menu that appears, select Preview page
  4. A pane will open showing you the webpage behind the link
  5. If you want to open the page, tap the link icon

What does a phishing link look like?

Now that you’ve gotten a good look at the suspicious link, you can check it for these five warning signs (and compare it with our phishing link examples):

1. Check the domain name

First, look at the link and find the domain name. The domain name is the part that comes after http:// and it tells you the website you will be taken to if you click the link:
  • In the URL https://www.mail.com/blog/posts/email-for-job-search/237/ the domain name is www.mail.com
Everything that follows the domain name after the first /, e.g. “https://www.mail.com/blog/posts/email-for-job-search/237/” gives a location within that website and is not part of the domain name: 
  • In the URL https://www.blogpost.edu/mail.com/, the domain is NOT mail.com, but blogpost.edu
Additional text linked by a hyphen or a dot changes the domain name:
  • In the URL https://www.mail.com.blog.eu/posts/ the domain is NOT mail.com, but mail.com.blog.eu.
  • In the URL https://www.blog-mail.com/posts/ the domain is NOT mail.com, but blog-mail.com.
Caution: Even if you check a link and it contains a familiar-looking domain name such as google.com or amazon.com, you should make sure nothing has been added to the domain between https:// and the first /. This is because https://www.shop-at-amazon.com/ is NOT the same domain as https://www.amazon.com/ – and could be a phishing website link set up by a scammer. 

2. Make sure the hypertext and the hyperlink match

Sometimes instead of hypertext that looks like regular words, you will see hypertext that looks like a URL, like this: www.mail.com/blog/. However, you should be aware that the text on the page is NOT necessarily the web address you will be directed to – and if it is a phishing link, it may take you to a scam website. If you mouse over the hyperlink in this paragraph, you will see that the URL behind it does not match (but don’t worry, in this case, it is not a fraudulent website, but a link to our help page). This is why it is always essential to check the destination before you click to make sure it’s not a scamming link.

3. Look out for links that are entirely numbers

If the link behind the hypertext looks something like http://123.12.3.123, you are being sent directly to an IP address. All URLs are associated with an IP address, but it would be very unusual for a legitimate business to use a numerical identifier instead of their URL in their customer communications. You should not click or tap on such a link without checking it first (see below).

4. Look at the length of the URL

If you see a link that looks like https://fu.o/Y7EE9a, it is most likely a regular web address that has been shortened. Links are sometimes shortened to make them easier to post on social media sites, for example, but URL shorteners are often used to mask malicious links. You should always check such URLs before clicking on them (see below).

5. Check that nothing is “off” about the URL

Even if the link passes all of the above tests, you should still scrutinize it carefully before deciding it’s not a phishing link. Look at the end of the domain and make sure it matches the company’s original address – e.g., it’s not xxx.org when it should be xxx.com (you can check the company’s web address by performing an internet search). Look for subtle spelling errors, e.g., www.mall.com instead of www.mail.com. And be wary of numbers added before the domain name, e.g. www.4mail.com. These slight changes can be hard to spot, but overlooking them may mean you click on a phishing site by mistake. If you are ever in doubt, do not click the link – it’s better to be safe than sorry.
 
If you do mistakenly click on a phishing link, it is important to act quickly to protect your data and device. Read how here: What to do if you click on a phishing link

How to check a URL

After careful examination, if you are still not sure whether an email is hiding a phishing link, you can check the URL using a URL checker. One of our favorites is the Trend Micro Site Safety Center. For more information, recommendations, and instructions on how to copy a URL safely, see our explainer: Is this URL safe? How to check if a link you received is dangerous
 
Now you know how to tell if a link is a phishing link – and how important it is to use caution before you click! If you found this information helpful, why not leave us some feedback below?
 
Still don’t have a mail.com account? Sign up for free today!

Images: 1&1/GettyImages

90 people found this article helpful.

Related articles

I know where you live: Creepy scam emails with personal details

Unsubscribe email scam: How to protect yourself

Ask the expert: How to protect yourself from spam and phishing