Phishing Link Checker

Someone sent you a link? Paste it here and find out if it's safe to click — a free scan for phishing, malware, and scam flags.

How to spot a phishing link before you click

Phishing links succeed by looking one glance away from legitimate. These are the six tricks behind most of them — if the link in front of you matches any of these patterns, scan it first.

The domain is almost right

paypa1.com

A digit for a letter, a doubled character, rn instead of m. Typosquatters count on you skimming — read the domain character by character.

The real domain hides at the end

paypal.com.secure-check.xyz

Only the domain just before the first slash identifies the owner. Here that's secure-check.xyz — everything in front is stage dressing.

The link is shortened

bit.ly/3xK9…

Shorteners hide the destination completely. Fine in a newsletter you trust; a red flag in an unexpected text about a package or a toll.

The message wants panic, not thought

“Your account will be closed in 24 hours”

Urgency is the engine of every phish. Deadlines, threats, and jackpot prizes all serve one purpose: making you click before you check.

The text and the URL disagree

“Visit chase.com” → hover shows another site

Link text is just text. Hover on desktop or press and hold on mobile to reveal the real destination before you commit a click.

A login page you didn't navigate to

Email → “Sign in to continue”

Credential harvesting needs you to type your password on their page. When an email leads to a login form, close it and sign in from your bookmark instead.

What the scan checks

The checker evaluates the link the way mailbox providers and security filters do — against reputation data, not appearances.

Phishing & malware blocklists

The URL and its domain are checked against major threat-intelligence databases that track live phishing campaigns and malware hosts.

Domain reputation signals

The domain behind the link is scored on its history — spam associations, abuse reports, and how mailbox providers and filters treat it.

The true destination

Shorteners and redirect chains are resolved so the verdict applies to the page you'd actually land on, not the wrapper you were shown.

A verdict you can act on

Instead of a wall of raw data, you get a clear read: flagged as dangerous, suspicious, or clean — before the link is ever opened.

Clicked a phishing link? Do this now

A click alone is rarely a catastrophe. Work through these four steps calmly, in order.

1. Stop and enter nothing

Close the page. Clicking is rarely the damage — typing your password or card number is. If you entered nothing, you're most likely fine.

2. Change any password you typed

Do it from a device you trust, starting with the affected account and anywhere that password is reused. Turn on two-factor authentication while you're there.

3. Scan the device

If you downloaded a file or the site tried to install something, run a full antivirus scan before you keep working.

4. Warn and watch

Report the message to your IT team or mail provider, and keep an eye on bank statements and login alerts over the following weeks.

Want the full walkthrough? “What to do if you clicked on a phishing link” covers each step in detail, and “What is phishing?” explains how these attacks work.

Checking your own links instead? If you're a sender auditing how spam filters see the URLs in your emails and pages, run a URL reputation check on your domain.


Phishing link safety knowledge base

Paste the full URL into the checker above and run the scan — copy it without opening it by right-clicking the link and choosing “Copy link address” (on a phone, press and hold, then copy). The scan checks the link against threat-intelligence blocklists, looks for phishing and malware flags, and evaluates the domain behind it, so you get a verdict without ever loading the page. You can also do a quick manual read first: check that the domain is spelled exactly right, be suspicious of shortened links, and remember that the real owner of a link is the domain just before the first slash.

Three checks catch most phishing links before you click. First, reveal the true destination: hover over the link on desktop or press and hold on mobile, and compare it to the text you were shown — a mismatch is a classic phishing tell. Second, read the domain right to left: the registered domain sits directly before the first slash, so paypal.com.account-verify.xyz belongs to account-verify.xyz, not PayPal. Third, when the message pressures you to act immediately — a locked account, a missed delivery, an unpaid toll — slow down and scan the link here instead. A legitimate organization won't punish you for taking sixty seconds to verify.

The scan evaluates the link across several dimensions: whether the URL or its domain appears on major phishing and malware blocklists, the reputation and history of the domain hosting it, and threat signals like spam associations and abuse reports. Because the check runs against the destination rather than the way the link is dressed up, tricks like URL shorteners, lookalike spelling, and redirect chains don't fool it. You get a readable verdict on whether the link is flagged as dangerous, suspicious, or clean.

The patterns repeat: a domain that is almost right (paypa1.com, arnazon.com); the real brand name buried in a subdomain of a domain the attacker owns (microsoft.com.login-verify.xyz); shortened links that hide the destination entirely; a message engineered around urgency or fear, like an account suspension or a package fee; link text that says one thing while the underlying URL points somewhere else; and login pages reached from an email rather than from your own bookmark. Any one of these is reason enough to scan the link before opening it.
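The manual checks described above (read the domain right to left, look for near-miss spelling, treat shorteners as opaque, compare link text with the real destination) can be written as a small triage function. This is an added example, not the checker's own code: the brand list, shortener list, character-swap table and the two-entry suffix set are constructed assumptions, and a real tool would use the full Public Suffix List and reputation data instead.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data (assumptions, not the checker's real lists).
BRANDS = {"paypal": "paypal.com", "microsoft": "microsoft.com",
          "amazon": "amazon.com", "chase": "chase.com"}
SHORTENERS = {"bit.ly", "tinyurl.com"}
MULTI_SUFFIXES = {"co.uk", "com.au"}  # tiny stand-in for the Public Suffix List
LOOKALIKES = [("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o")]

def host_of(url):
    """Lower-cased host: the part of the URL before the first slash."""
    if not re.match(r"^[a-z][a-z0-9+.-]*://", url, re.I):
        url = "http://" + url  # bare links such as bit.ly/abc have no scheme
    return (urlsplit(url).hostname or "").rstrip(".")

def registered_domain(url):
    """Read the host right to left and keep only the owner's domain."""
    labels = host_of(url).split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_SUFFIXES else 2
    return ".".join(labels[-keep:])

def normalize(label):
    """Undo common character swaps so paypa1 and arnazon compare as brands."""
    for fake, real in LOOKALIKES:
        label = label.replace(fake, real)
    return label

def check_link(url, shown_text=None):
    """Return the manual-check flags that apply to one link."""
    flags = []
    reg = registered_domain(url)
    name = reg.split(".")[0]
    # Labels in front of the registered domain are chosen freely by its owner.
    sub_labels = host_of(url).split(".")[: -len(reg.split("."))]
    if reg in SHORTENERS:
        flags.append("shortened")
    for brand, real in BRANDS.items():
        if reg == real:
            continue  # the brand's own domain is not a lookalike of itself
        if name != brand and normalize(name) == brand:
            flags.append("lookalike:" + brand)
        if brand in sub_labels:
            flags.append("brand-in-subdomain:" + brand)
    if shown_text:
        m = re.search(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", shown_text.lower())
        if m and registered_domain(m.group()) != reg:
            flags.append("text-mismatch")
    return flags
```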

Don't panic — clicking alone is usually not the disaster; what you do next matters more. Close the page and enter nothing. If you typed a password, change it immediately from a device you trust, starting with the affected account and anywhere you reuse that password, and turn on two-factor authentication. If you entered payment details, contact your bank or card issuer and watch for fraudulent charges. Run a full antivirus scan if you downloaded or opened anything. Finally, report the message to your IT team or mail provider so the link gets blocked for everyone else.

On a patched, up-to-date device it's unlikely. Most phishing links don't attack your device at all — they lead to a fake login page and wait for you to hand over credentials, so the real damage happens when you type, not when you click. That said, clicking can confirm to the attacker that your address is live, and drive-by downloads that exploit outdated browsers or plugins do exist. Keep your browser and OS current, and if you clicked something suspicious, close the tab, enter nothing, and run a malware scan for peace of mind.

No — this is one of the most dangerous myths in phishing. The padlock only means the connection between you and the site is encrypted; it says nothing about who runs the site. TLS certificates are free and issued in minutes, so the overwhelming majority of phishing sites now serve their fake login pages over perfectly valid HTTPS. Treat the padlock as table stakes, not a safety signal: what identifies a site is its domain name, and what tells you whether that domain is malicious is a reputation scan like this one.

Shortened links aren't malicious by themselves — marketers use them constantly — but they hide the destination completely, which makes them a favorite wrapper for phishing URLs. You can't judge a bit.ly or tinyurl link by looking at it, so let the scanner do it: it follows the redirect chain and evaluates the page you would actually land on. Be extra cautious with shortened links in unexpected texts and emails, where legitimate senders would normally use their own domain.

Yes — the checker is completely free, with no signup, no account, and no scan limit. Paste any link you've received by email, text, or chat and get an instant verdict. Palisade makes money helping companies secure their email domains with DMARC, so the link checker stays free as a public utility. If you want ongoing protection for a whole domain rather than one link at a time, that's where our monitoring platform comes in.

Same scanning engine, opposite direction. A phishing link checker answers a recipient's question: someone sent me this link — is it safe to open? A URL reputation check answers a sender's question: are the links I put in my own emails and pages flagged anywhere, and are they hurting my deliverability? If you're vetting a link that landed in your inbox, you're in the right place. If you're a sender auditing how filters see your own URLs, use our URL reputation check.