How to check a link before you click it

Here’s a small, unfair truth about online scams: the email is the easy part to fake. A logo, a tone of voice, a sense of urgency, even your name at the top — all trivial to copy. The one thing a scammer can’t fully hide is where their link actually takes you. So that’s where you look. And reading a web address turns out to be a ten-second skill that puts the odds back in your favour.

A web address isn’t magic — it’s an address

We’re used to treating a link as a single magic word: you click it, something happens. But a web address has a structure, and once you can see the structure, the important part jumps out.

Take a normal one:

https://www.yourbank.com/login

Ignore the https:// at the front and everything after the first single slash (/login) — that’s just the specific page. The part that actually decides whose site you’re on is the bit in the middle: yourbank.com. That’s the registered domain — the name someone had to buy and prove they control. Everything hinges on that.

The one move: read the domain right-to-left

Here’s the whole skill. Find the domain (the bit just before the first single /), and read it right-to-left to its last two parts. That’s the real owner. Everything to the left of that is a “subdomain,” and the owner can set it to say literally anything they like.

Which is exactly how the trick works:

https://www.yourbank.com.account-verify.ru/login

At a glance that looks like yourbank.com. But read it right-to-left: the last two parts before the slash are account-verify.ru. That’s the real site. The www.yourbank.com at the start is just a subdomain the scammer named to fool you — it belongs to account-verify.ru, not to your bank. Your bank is nowhere in it.

So the question you ask every time is simple: reading right to left, is the registered domain exactly the real company’s — and nothing tacked on after it?

Don’t trust the words — check where it really points

There’s a second trap: the text you can see is not the same thing as the link underneath it. A link can say www.yourbank.com and quietly point somewhere else entirely. So don’t read the words — check the destination:

  • On a computer: hover your mouse over the link without clicking. The real address appears at the bottom of the window (or as a little tooltip). Read that, right-to-left.
  • On a phone: press and hold the link (don’t tap). A preview pops up showing the true address. Read it, then let go.

If the visible words and the real destination disagree, that alone is your answer. Stop.

The handful of tricks worth knowing

Once you’re reading domains, the common cons all become visible:

  • The look-alike. paypaI.com with a capital i instead of an l; rnicrosoft.com where rn pretends to be an m; a zero standing in for an o. Slow down on anything that matters and read letter by letter.
  • The tack-on. apple.com.secure-update.net — real domain secure-update.net, with “apple.com” bolted on the front to reassure you.
  • The shortener. A bit.ly/… style link hides its destination entirely. Fine from someone you trust; treat with suspicion from someone you don’t — you can’t read what you can’t see.

The check, and the rule behind it

Next time a message asks you to log in, pay, or “confirm” something, do this before you click:

Hover (or long-press) the link, find the domain just before the first single slash, and read it right-to-left. Is the registered domain exactly the real company’s, with nothing added after it? If it isn’t — or you can’t tell — don’t click.

And the rule that makes the check unnecessary in the first place: for anything that matters, don’t use the link at all. If “your bank” emails you, don’t tap what they sent — open your browser and go to the bank the way you always do, or ring the number on the back of your card. A real company loses nothing when you reach it yourself. Only a fake one does.

That’s the quiet power of learning to read an address. The scammer can copy the logo, the wording, the urgency — everything except the truth of where their link goes. And that truth is always right there in the address, waiting for anyone who knows to read it right-to-left.

Spotted a mistake? We correct errors within 24 hours and log every one on our corrections page. Tell us: contact@webuser.com.