Links are everywhere — emails, texts, social posts, online articles, ads, receipts, and collaboration tools. Most are harmless. Some are outdated. A few are dangerous. Cybercriminals often disguise malicious links to look like trusted websites, hoping you’ll click before you think.
The good news? One simple habit can help you avoid a lot of trouble: check where a link leads before you open it.
Why should you check links before clicking?
Phishing scams often rely on fake links. A message may look like it came from your bank, delivery company, cloud storage provider, employer, or favorite store. But the link may lead to a fake login page designed to steal your password, payment details, or one-time security code.
The FBI’s 2025 Internet Crime Report shows why this matters: IC3 received more than 1 million complaints of suspected internet crime in 2025, with reported losses exceeding $20 billion. The FBI also reported that phishing, spoofing, extortion, and investment schemes were among the most frequently reported complaints.
How do you hover over a link on Mac or PC?
On a laptop or desktop, checking a link is easy:
- Move your mouse pointer over the link.
- Do not click.
- Look at the bottom-left corner of your browser or email app.
- Review the full destination URL.
- If the destination looks strange, don’t open it.
For example, a link that says “Sign in to Microsoft” should not point to a random domain filled with numbers, misspellings, or extra words. Verizon’s 2025 DBIR found that credential abuse and phishing remain major parts of the breach landscape, with credential abuse listed as a leading initial access vector.
How do you check a link on mobile?
Mobile devices make link-checking trickier because there’s no mouse hover. Use this safer method:
- Press and hold the link instead of tapping it.
- Preview the URL that appears.
- If needed, choose Copy link.
- Paste it into a note, not a browser.
- Read the full address carefully before deciding whether to open it.
Be careful: some apps show a preview card that still encourages quick tapping. Slow down and inspect the actual domain.
What are red flags in a suspicious link?
Before opening a link, watch for:
- Misspelled domains like micros0ft.com instead of microsoft.com
- Extra words before the real brand like secure-login-bank-example.com
- Shortened links that hide the destination
- Strange file downloads ending in .zip, .exe, or unfamiliar formats
- Urgent language telling you to act immediately
- Links in unexpected messages about account problems, missed deliveries, refunds, or prizes
The FBI warns that phishing websites are commonly used to trick people into entering credentials on fraudulent pages that look legitimate.
What should you do instead of clicking?
Use these safer habits:
- Go directly to the website by typing the address yourself.
- Use bookmarks for banking, email, cloud storage, and work tools.
- Open official apps instead of links in messages.
- Report suspicious emails or texts to the company being impersonated.
- Delete the message if you can’t verify it.
Hovering over a link — or pressing and holding on mobile — takes only a second, but it can stop you from landing on a fake login page or malware download. Treat links like digital doorways: check where they lead before walking through.
