Get smart on Phishing! Learn to read links!

Phishing email for Paypal
A pishing email for Paypal. The Apple Mail program shows the real link target in a pop-up bubble when you hover your mouse over the link.

If you came here, you probably received an email like the one to the right. They are fake messages intended to lure you to fake websites that are made to look like e.g. a bank website, but in reality set up by data thieves. If you fill in forms on those sites, you will give all your information to criminals and invite indetity theft, credit card fraud, cleaned out bank accounts etc. This is called "phishing".

Phishing can be attempted for anything that requires a login or holds data of some value: banks, eBay, Paypal, Facebook, credit card companies, even your frequent flyer program or popular discussion forums. The emails can look very real and tempting to click. Say, if you have a Facebook account, you are used to the notification emails everytime one of your friends did something on your profile. Imagine a message: "Your friend XYZ commented on a picture of you. Click here to see comment." Wouldn't you want to see what your friend wrote? So you click and as expected you get to the Facebook login page. Or did you?

Ideally you should NEVER click on such emails. Instead go the the site on your own by typing e.g. directly into the browser, log in from there and check your account. It's like saying: "Don't call me, I call you!"

Below, learn how to identify links to fake sites, so you will not be fooled!

  1. What is the actual link?
    What you read as link may not be the real destination. We've all seen links like Click here! Obviously, "Click here" is not a web address, but it does link somewhere (in this case, back to this page). You can see the real link target at the bottom of your browser when you hover your mouse over the link. The description ("Click here") and the link target ( are two different things and I could make the description anything I want. I could even make it look like another link.

    Look at the Paypal example. It looks like it's a link to
    but that's really just the description; it's as meaningless as "Click here" for determining where the link points to. In reality, the link goes to
    If you do click, that link with the weird number will be what you see in your browser's address bar. And it's not a Paypal site. But how do you know that? After all, it does say "paypal" there at the end?

  2. A pishing page for Chase. Notice the address (URL) in the browser address bar.
  3. What site does the link really point to?

    Animation showing how to determine the domain in an URL

    Look for the first slash after (not including) http:// then go BACKWARDS from there to the SECOND dot. The main address of a website, also called "domain", consists of two parts separated by a dot (e.g. which is why we skip that one dot. If there are no two dots before the first slash, then simply go to the beginning of the URL. You want that to be the expected site name (domain), if it's anything else, it's most likely a phish. Let's take Chase bank as an example:
    The first slash after http:// is emphasized. In front of it is This would be legitimate. Whether it says support, www or something else before the next dot is irrelevant. The following links would all be fake:

There are many other signs that give away phishing attempts, like no secure (SSL) connections, no personal details (your name or last digits of account number) that a legitimate sender would know included in the email to you, violation of common sense and the "Too good to be true" rule (No bank will EVER just hand out $100 to every response to a short survey as claimed in the picture above), fake certificates, etc. You can learn more about those and phishing in general with a simple search:

Stay safe!

What do you want to do next?

Want to learn how to get a handle on spam too? Go to the BustSpammers homepage!