Every day, a few billion phishing messages land in inboxes and chat apps. Most of them rely on one thing: you clicking a link before thinking. The good news is that before you click, you can run a quick five-signal check that costs nothing and takes under sixty seconds. This article walks through those signals in the order that matters most, then points you at SafeCadence’s free tools for the cases where you want a second opinion.
1. Hover the link to see where it actually goes
On desktop, hover over the link without clicking — the destination URL appears at the bottom of your browser. On mobile, long-press the link; a preview pops up with the real destination. The visible text (“Verify your account”) and the actual URL are not the same thing, and scammers count on you not checking.
A legitimate PayPal email links to paypal.com. A phishing one links to paypa1-login.com or secure-paypal.top. The eye misses the “1” where there should be an “l”; the brain sees “paypal” and trusts the link.
2. Read the domain right-to-left
Domains are read backward. The part just before the first single slash is the real domain; everything before that is a subdomain that the attacker controls.
In https://paypal.com.secure-login.top/account the real domain is secure-login.top, not paypal.com. “paypal.com” is just a subdomain the scammer picked to make the URL look legitimate. This trick works on roughly one in five first-time readers.
3. Check the TLD
The top-level domain — .com, .org, .top, .xyz — is a cheap but meaningful signal. A handful of TLDs are heavily over-represented in phishing: .top, .xyz, .click, .loan, .work, .rest, .monster. If you got a text from “your bank” pointing to a .top domain, your bank did not send it.
4. Consider the age of the domain
Phishing campaigns use brand-new domains registered minutes before the attack. Domain age is one of the single most reliable phishing signals — if a domain was registered two days ago and claims to be “Amazon Official Refunds,” you have your answer. SafeCadence’s Domain Age Lookup pulls the registration date from free public registries in under a second.
5. Paste it into a link checker (the safety net)
When you are unsure, run the URL through our free Phishing Link Checker. It combines all five signals above (TLD risk, lookalike-brand detection, homograph detection, domain age, and redirect-chain analysis) into one score. We never store the URL you submit.
If the link is shortened (bit.ly, tinyurl, t.co), use the Redirect Chain Analyzer first — it shows every hop the shortened link takes before its final destination.
When to click and when not to
A rule worth tattooing: type the known URL into your browser yourself rather than clicking a link in an email or text. If your bank tells you your card has been frozen, open a fresh tab, type the bank’s URL, and log in there. A real alert will appear inside your account dashboard. A fake alert only exists in the text.
This one habit — “navigate directly, never click the link in the message” — defeats 90% of phishing. The remaining 10% are sophisticated enough that you need either the five-signal check above or a link-checker tool.
FAQ
Does HTTPS mean a link is safe?
No. HTTPS means the connection is encrypted — it does not mean the site is trustworthy. Phishing sites routinely have valid TLS certificates (Let’s Encrypt issues them for free to any domain). The padlock next to the URL tells you the connection is encrypted, not that the owner of the site is honest.
Is it safe to preview the link by long-pressing on my phone?
Yes — long-pressing shows the URL without following it. Both iOS and Android handle this without network activity. You see the destination, cancel, and no request is made.
What if I already clicked?
Don’t enter any information on the page. Close the tab. If you think the site may have dropped malware or a credential-stealer script, run a full antivirus scan and change any passwords that autofilled on the page. If you entered a password, change it everywhere you reused it — start with your email and bank.
Can the phishing checker analyze a link I received by SMS?
Yes. Long-press the link on your phone, copy it, and paste into our Phishing Link Checker. If the link goes to a QR code, use the QR Code Link Scanner first to extract the destination URL.
Bottom line: you do not need to click anything to evaluate a link. The five-signal check above defeats most phishing. Our free tools catch the rest. And when in doubt, type the URL yourself.