How to Check a Link for Phishing

Phishing is one of the most common cybercrimes that threatens organization security in the US. These attacks are disguised as legitimate to trick people into clicking on malicious links or attachments. Social engineering attacks via email are getting more convincing as creators put more effort into making their scam emails look genuine. 

Familiarizing yourself with real-life phishing examples is an excellent way to mitigate these risks. We cover phishing-related topics on our blog to help you recognize and avoid email phishing and other social engineering attacks.  

Always carry out proper checks before clicking a link—whether it looks genuine or suspicious. This article explains how to check a link for phishing without clicking it.

Inspect the Shortened URL

One way to determine a malicious link is to see if the URL is shortened. Though link shortening services such as TinyURL or bit.ly are legitimate services, attackers leverage them to conceal their link’s true destination. 

 

 

More often than not, you won’t be able to tell where a short link will direct you by merely looking at it. The best way is to paste the short link into a link expansion service such as CheckShortURL.com to reveal the link’s true destination.

Some link expansion platforms indicate whether the link is among a list of bad websites. Alternatively, you can install Unshorten.link.It’s a Chrome extension that automatically redirects you to a link expansion page whenever you click on a short link, intentionally or accidentally.

Check the Sender Source

Another check to conduct when you receive a link via email is to check its source. Where is the message coming from? Check both the display and domain names. One common social engineering attack technique is to use the domain name of a reliable organization to convince you that it’s legitimate.

Check the Link for Glyphs and Foreign Characters

Phishing attacks also try to hide the address within a link by using URL encoding to replace the characters with special characters. In URL encoding, the letter B can translate to %42. 

Malicious hackers use this method to keep their link destination hidden. In this case, it’s highly recommended to use a URL decoding tool such as URL Decoder to detect the exact URL destination.

Cybercriminals also use script spoofing to register lookalike websites. They use letter combinations, foreign letters, and numbers to resemble a letter (or letter combinations) visually:

  • “m” looks like “rn” at first glance
  • Cyrillic “а” looks like Latin “a”,
  • “í” looks like “i”
  • “0” looks like “O”

If you’re not attentive enough, the naked eye could miss things like this.

Use a Link Scanner

You can also check a link for phishing with a link scanner to ensure it’s safe before performing any action on the site. A link scanner is a handy tool that helps you identify known malicious links to avoid clicking on them. Besides checking the link, some link scanners will examine the images, too.

EasyDMARC’s Phishing URL Checker

EasyDMARC’s phishing link checker is a great tool to detect phishing or malicious websites. It’s easy to use—simply copy and paste the link into the search bar and click the “Enter” or the “Check URL” button. 

Our tool can check for phishing URLs, detecting and analyzing up to 20 links at once. It displays the link’s URL status, either good or bad. 

A Good URL status means it is free from any malicious activities, while a Bad URL status means the link leads to a malicious website and should be avoided.

Setup an Antivirus With Real-Time Link Scanning

Antivirus software with real-time link scanning scans for any malware activities in real-time. Though this option can take up more system resources, it’s best to stop malware from entering your system rather than discovering malicious software afterward.

Keep Your Antivirus Up to Date

Ensure your antivirus setting is on auto-update to download the latest virus definitions. This allows the tool to catch the latest threats that can compromise your system. Be sure to check the date of the last update to confirm updates are taking place. 

Final Thoughts

Phishing attacks like consent phishing are getting more sophisticated as cybercriminals create more compelling stories to trick users into clicking malicious links. The aim is to compromise your system, steal sensitive data, or infect your system with malware. For that reason, organizations must teach their employees how to recognize and avoid email phishing

Never click on a link unless you are 100% sure it’s legit. Take note of the tips discussed in this article and conduct proper checks before taking any action. 

Even if the message is from a known source, it’s best to confirm the source and domain name. You can copy the link into our phishing link checker to confirm the URL status. If it’s “Good”, you’re free to click the link. But if it’s “Suspicious”, it’s highly recommended you avoid it.

Check Phishing URL

No one is attentive all the time, so you also need to know what to do if you click on a phishing link. Follow our tips and stay safe online!

How DMARC Can Improve Email Deliverability?

How DMARC Can Improve Email Deliverability?

There’s no doubt that email marketing is an essential and powerful tool for any...

Read More
Email Security News Round-Up [September 2022]

Email Security News Round-Up [September 2022]

September was a busy month filled with email security news and cybersecurity news stories...

Read More
How to Increase Domain Reputation with SPF

How to Increase Domain Reputation with SPF

Is your email open rate decreasing? Noticing a higher bounce rate? Well, this could...

Read More