How to Tell Phishing Emails from Legitimate Ones: Check the Links

How to Avoid Falling for Phishing Schemes

As cybercriminals continue to become more sophisticated in their attempts to obtain access to our money and personal information with phishing emails, it’s important for us to remain aware of both how these emails are designed to trick us and how we can avoid falling for their bait. One effective way of determining whether an email asking for our information is legitimate is checking the URLs behind the links we see in it. This may sound like it requires a geek's knowledge of web programming, but it's actually pretty easy, and anyone can do it.

First, an Example

PayPal Email

The phishing email that sparked this blog entry (pictured above) claims to be a message from PayPal, asking the recipient to click a link to “Confirm your PayPal account information.” Well, clicking that link would not take you to PayPal. It would take you to an impostor website where if you entered your login information, you would be giving cybercriminals access to your PayPal account. Scary, right?

And, like other recent phishing schemes, the email looks pretty legitimate, using the PayPal logo and everything. Furthermore, a different link within the same email would actually take you to the real PayPal site, which adds to the email’s illusion of legitimacy.

How to Tell if a Link (and an Email) Is Legitimate

So how do you avoid falling for the phisherman’s bait? As mentioned above, you check the links, which is exactly what we did with the email from “PayPal.”  

Here’s how:

  1. Simply hover your cursor over the link in question, whether the link is an image, a link imbedded in text, or even a typed out URL.

  2. If you are using a freestanding email client like Outlook or Mail, the URL behind the link will appear in a little pop-up message. If you are using a browser-based email application like Gmail, the link’s URL will appear along the bottom pane of the browser window.

  3. If the URL looks like an address you’d expect to see (in our example’s case, if it actually displayed a page that was part of ‘’), you’re probably OK to click on it. If you see a different address (in this case it looked something like ‘’), you know that the link is illegitimate and that you should avoid clicking on it.

By checking links before clicking on them, you’ll be able to tell where they will take you and, thus, whether or not they are trying to trick you. As phishing attempts continue to become more sophisticated, checking links is as close to a sure-fire way as you can have to determining an email’s legitimacy. And since it's so quick and easy, we recommend doing it often, especially when emails ask you to provide any sort of information.