๐ŸšฉThatScam.com
๐Ÿ”—

Suspicious Link Checker

Paste the link or URL you want to verify. We'll analyze the domain for signs of fraud.

๐Ÿšฉโœ‰๏ธ๐Ÿ“ฑ๐Ÿ”—๐Ÿ’ผ
0/1000

Try an example

Warning signs to look for

Check the domain carefully

paypa1.com is not paypal.com. Scammers swap letters, add hyphens, or use different TLDs.

Suspicious TLDs

Domains ending in .xyz, .click, .top, .tk are frequently used in scam campaigns.

URL shorteners

bit.ly and tinyurl hide the real destination. Always suspicious when received unsolicited.

HTTPS doesn't mean safe

A padlock icon only means the connection is encrypted โ€” not that the site is legitimate.

Subdomain tricks

paypal.scam-site.com โ€” 'paypal' is just a subdomain. The real domain is scam-site.com.

Lookalike characters

Some scams use characters that look identical to Latin letters (rn vs m, 0 vs O).

Why checking links before clicking matters

A single click on a malicious link can lead to stolen credentials, malware infection, or financial loss. Phishing websites have become so sophisticated that they are often indistinguishable from the real thing โ€” same logo, same layout, same color scheme.

In 2024, the Anti-Phishing Working Group (APWG) recorded over 5 million unique phishing URLs โ€” a record high. Most of these links were distributed via email and SMS, designed to impersonate banks, e-commerce platforms, streaming services, and government agencies.

The good news: most malicious URLs have tell-tale signs in the domain structure that you can learn to spot. Our tool analyzes these signals automatically.

How scammers create fake URLs

Typosquatting

Scammers register domains that look almost identical to real ones, counting on users misreading or not noticing the difference. Common techniques include swapping letters (paypal โ†’ paypa1), adding hyphens (pay-pal.com), doubling letters (paypall.com), or changing the TLD (paypal.net instead of paypal.com).

Subdomain hijacking

The URL paypal.com.account-verify.net looks like it might be PayPal, but the actual domain is account-verify.net. "paypal.com" is just a subdomain. Always read the domain from right to left, starting from the first single slash.

Suspicious TLDs

Top-level domains like .xyz, .click, .top, .tk, .ml, .cf, .ga are either free or extremely cheap, making them popular with scammers who need to register many domains quickly and abandon them when blocked.

URL shorteners

Services like bit.ly, tinyurl.com, or t.co hide the actual destination URL. While legitimate uses exist, in the context of unsolicited messages they are a significant red flag.

Unicode lookalike characters

Some sophisticated attacks use Unicode characters that appear visually identical to standard Latin letters โ€” for example, using the Cyrillic letter "ะฐ" instead of the Latin "a." These are nearly impossible to detect by eye.

How to analyze a URL before clicking

  1. Read the domain carefully: Focus on the part between the last two dots before the first single slash. That is the actual domain.
  2. Check the TLD: Is it .com, .org, .gov? Or something like .xyz, .click, or .top?
  3. Look for hyphens: Legitimate company domains rarely contain hyphens (amazon-secure.com is not Amazon).
  4. HTTPS doesn't mean safe: The padlock icon only means the connection is encrypted, not that the site is trustworthy. Scam sites routinely use HTTPS.
  5. Check for number-letter substitutions: 0 for O, 1 for l or I, rn for m.
  6. Expand shortened URLs before clicking using a URL expander service.
  7. Paste the URL here for an automated analysis covering all of the above and more.

What our link checker analyzes

When you paste a URL into ThatScam.com, we analyze:

  • Domain similarity to known trusted brands (PayPal, Amazon, Apple, Microsoft, Google, Netflix, DHL, FedEx, IRS, HMRC and more)
  • Subdomain hijacking patterns
  • Suspicious TLD classification
  • URL shortener detection
  • Presence of urgency or manipulation language in surrounding context
  • AI analysis of the full context in which the link was received

What to do before clicking a suspicious link

  1. Paste the URL here for an instant risk analysis.
  2. If the link was in an email or SMS, check whether you were expecting this communication.
  3. Navigate to the company's website directly by typing it into your browser โ€” never use a link from an unsolicited message.
  4. If the link is shortened, use a URL expander to see the real destination before clicking.
  5. When in doubt, contact the company directly through their official support channels.

What to do if you clicked a suspicious link

  1. If you entered credentials: Change your password immediately on that service and any other account using the same password.
  2. If you entered payment details: Contact your bank or card issuer immediately to report potential fraud.
  3. Disconnect from the internet temporarily if you suspect malware was installed.
  4. Run a security scan on your device using a reputable antivirus tool.
  5. Enable 2FA on critical accounts if not already active.
  6. Monitor your accounts for unusual activity over the following days.

Frequently Asked Questions

Should I paste the full URL?

Yes โ€” include the full URL with context if possible (e.g. 'I received this in an email'). The more context, the more accurate the analysis.

Will ThatScam.com visit the link?

No. We analyze the URL structure and domain only โ€” we never open or visit the link. It's safe to paste suspicious URLs here.

What if the link is shortened (bit.ly)?

Paste it as-is. We'll flag URL shorteners as a risk signal. To see the final destination, use a URL expander service before clicking.

Does HTTPS mean a site is safe?

No. HTTPS only encrypts the connection between your browser and the server. Scam websites routinely use HTTPS. Always check the actual domain.

What are the most dangerous TLDs?

.xyz, .click, .top, .tk, .ml, .cf, .ga are frequently abused by scammers due to their low cost. However, any TLD can be used for fraud โ€” always check the full domain.