← Back to Tools
🛡️ How to Spot Suspicious Links
- Check the Domain: Look for misspellings (e.g., "g00gle.com" instead of "google.com")
- Verify HTTPS: Secure sites use HTTPS, but malicious sites can too - don't rely on this alone
- Watch for Subdomains: "login.paypal-secure.com" is NOT PayPal (the real domain is after the last dot before .com)
- Suspicious Characters: Be wary of special characters, excessive hyphens, or numbers replacing letters
- Too Good to Be True: Links promising free prizes, urgent account issues, or unbelievable deals are often scams
- Shortened URLs: Services like bit.ly hide the real destination - use URL expanders first
- Hover First: On desktop, hover over links to see the actual URL before clicking
🔐 Common Phishing Techniques
- Typosquatting: Using domains that look similar to legitimate ones (e.g., "micros0ft.com")
- Homograph Attacks: Using Unicode characters that look identical to Latin letters
- Subdomain Tricks: "paypal.com.evil-site.com" looks like PayPal but isn't
- URL Shorteners: Hiding malicious URLs behind bit.ly, tinyurl, etc.
- IDN Homograph: International domain names that display differently than the actual URL