
You receive a text message claiming your package could not be delivered. An email says your bank account has been locked. A message on social media offers you an exclusive deal. They all have one thing in common: a link they want you to click. Some of these links are legitimate. Many are not. Phishing links are the primary delivery mechanism for credential theft, financial fraud, and malware distribution, and they arrive through every communication channel you use.
The phishing link scanner above lets you check any suspicious link before clicking it, giving you a clear picture of whether it has been flagged as dangerous by the world's leading threat intelligence sources.
Where Do Dangerous Links Come From?
Phishing links are not limited to email. Attackers distribute them across every platform where people communicate:
- Email -- Still the most common delivery method. Attackers impersonate banks, e-commerce platforms, and employers with urgent messages ("Your account will be suspended"). The APWG reports that email phishing continues to set new records each year.
- SMS (smishing) -- Fake delivery notifications, bank fraud alerts, and toll payment demands. Phone screens show less of the URL, making fakes harder to spot.
- Social media and messaging apps -- Phishing links spread through Instagram DMs, Facebook Messenger, Telegram, WhatsApp, and Discord. Telegram scams are particularly widespread, with fake bots and impersonation of crypto project staff.
- QR codes -- Malicious QR codes placed over legitimate ones in parking meters, restaurants, and public spaces redirect you to phishing sites.
- Search engine ads -- Attackers purchase sponsored results that appear above legitimate websites, linking to phishing clones of popular services.
⚠ Never Trust a Link Based on Where It Came From
The sender of a message can be spoofed. A phishing email can appear to come from your CEO. A text message can display your bank's name. A social media message can come from a compromised friend's account. The source of a link tells you nothing about whether the link itself is safe.
What the Phishing Link Scanner Checks
When you paste a link into the scanner, it runs multiple checks in parallel:
- Browser Threat Intelligence -- Checks the URL against real-time indexes of known phishing, malware, and social engineering sites.
- VirusTotal (70+ engines) -- Scans the URL simultaneously against more than 70 antivirus and security engines.
- PhishTank -- Queries the community-verified phishing database, one of the oldest and most established collaborative phishing feeds.
- ScammerDetect database -- Cross-references the domain against our database of over 31,000 known scam and phishing domains, built from automated scanning, user reports, and threat intelligence feeds.
- Domain intelligence analysis -- Examines the domain's WHOIS registration, age, TLS certificate, and DNS configuration for fraud signals.
The scanner produces a risk score from 0 to 100. High scores mean the link matches known phishing patterns or has been reported by multiple sources. Low scores mean no flags were found -- but this does not guarantee safety for brand-new phishing links.
How to Protect Yourself Before Clicking Any Link
Build these habits into your daily routine to catch phishing links even without a scanner:
- Hover before you click. On desktop, hover over any link to see the real destination URL in the bottom-left corner of your browser. If it does not match what the link text says, do not click.
- Go directly to websites. If an email or text says there is a problem with your account, do not use the link provided. Open your browser and type the company's URL yourself, or use their official app.
- Inspect shortened URLs. Links using bit.ly, tinyurl, or other shorteners hide the real destination. Use a URL expander to reveal it before clicking.
- Be skeptical of urgency. Messages that pressure you to act immediately ("within 24 hours," "account will be locked") are using a classic social engineering tactic. Legitimate organizations give you time to respond.
- Verify the sender independently. If a message claims to be from someone you know, contact them through a separate channel to confirm they actually sent it.
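The "hover before you click" and "inspect shortened URLs" habits above can be automated for an HTML message body. This is an added example, not the scanner's own code; the function names, the sample message, and the `.example`/`.test` hostnames are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com"}  # the two named in the text; extend as needed
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def host_of(url):
    """Lower-cased hostname of a URL, without a leading 'www.'."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    """Collects (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html):
    """Return (text, href, [findings]) for each link that deserves a second look."""
    parser, report = LinkAuditor(), []
    parser.feed(html)
    for text, href in parser.links:
        findings, dest = [], host_of(href)
        shown = DOMAIN_RE.search(text)  # does the visible text itself look like a domain?
        if shown and dest:
            shown_host = host_of("//" + shown.group(1))
            # A subdomain of the shown domain is fine; anything else is a mismatch.
            if shown_host != dest and not dest.endswith("." + shown_host):
                findings.append(f"text shows {shown_host} but link goes to {dest}")
        if dest in SHORTENERS:
            findings.append(f"{dest} is a shortener; destination hidden")
        if findings:
            report.append((text, href, findings))
    return report

# Constructed sample message body (not real traffic).
SAMPLE = """<p>Your account is locked. Visit
<a href="http://mybank.example.account-check.test/login">www.mybank.example</a> or
<a href="https://bit.ly/abc123">track your parcel</a>.</p>"""
```

A link that passes this check can still be malicious; it only catches the text/destination mismatch and hidden-destination cases described in the list.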
The FTC recommends reporting phishing attempts to help law enforcement track and shut down operations. You can also forward suspicious emails to reportphishing@apwg.org and report phishing URLs to Google Safe Browsing. The FBI IC3 accepts reports of internet-enabled crimes including phishing.
⚠ Already Clicked a Suspicious Link?
If you clicked a phishing link and entered any information, take action immediately. Change your passwords for all affected accounts. Enable multi-factor authentication. Contact your bank if you entered financial information. Monitor your accounts for unauthorized activity. For detailed recovery steps, see our guide on what to do if you have been scammed online.
Related Resources
Guides: How to Report a Phishing Email
Provider-specific instructions for reporting phishing emails and forwarding them to authorities.
Guides: How to Protect Yourself from Phishing
Layered defense strategies including MFA, password managers, and manual verification.
Platform Guides: Coinbase Scam Emails
How to identify phishing emails impersonating Coinbase and what to do if you receive one.
Scam Types: Crypto Rug Pulls
How phishing links funnel victims into fraudulent crypto projects designed to steal funds.
Lists: Bitcoin Scammer List
Searchable database of cryptocurrency scam domains ranked by risk score.