Before you respond
Check a suspicious link without clicking
Learn how to check a suspicious link without clicking, including safe ways to inspect the sender, domain, message context, and next steps.
Reviewed June 10, 2026
Quick answer
To check a suspicious link without clicking, look at who sent it, read the visible domain carefully, compare it with the official website, and open the real app or site yourself instead.
Do not paste passwords, card numbers, one-time codes, or identity details into a page from an unexpected link.
At a glance
A suspicious link is a web address in a text, email, QR code, ad, or message that may lead to a fake login, payment, malware, or identity page.
- The message pressures you to click before you can verify.
- The domain has misspellings, extra words, or a strange ending.
- The page asks for passwords, codes, payment, or identity details.
Do not click; open the official app or type the real website yourself.
How to inspect a link before you trust it
A link can look familiar while sending you somewhere else. Scammers use shortened URLs, look-alike domains, subdomains, QR codes, and urgent account messages to make a fast tap feel normal.
The safer check is to separate the claim from the link. Read the message, identify the company or agency it claims to represent, then open that company or agency through an official app, saved bookmark, bill, card, or website you type yourself. If the page asks for a password, one-time code, card, Social Security number, or driver's license number, stop and verify another way.
What it may look like
"Security notice: unusual sign-in detected. Verify your account now at this shortened link or access will be suspended."
Signs to slow down
- The link arrives unexpectedly by text, email, social media, marketplace chat, QR code, or ad.
- The visible web address is shortened, misspelled, very long, or not the official company domain.
- The message threatens a fee, account closure, legal action, missed delivery, or lost refund.
- The page asks for passwords, one-time codes, card details, identity information, or a software download.
- The sender tells you not to use the official app or normal support channel.
What to do next
- Do not click or tap the link if you can verify another way.
- Open the official app or type the official website yourself.
- Compare the sender, domain, and claim with recent activity in the real account.
- Ask a trusted contact for a second opinion if the message still feels urgent.
- If you already clicked, close the page and follow post-click steps based on what information you entered.
How to report it
- Forward phishing texts to 7726 when your carrier supports it.
- Report phishing attempts to ReportFraud.ftc.gov.
- Report USPS-related package texts or emails to spam@uspis.gov when relevant.
How Olevo can help
Olevo can help you review a suspicious link before you click.
Paste the message text for a Private Check. If the sender, link preview, QR code, or screenshot is easier to show, use Detailed Review with only the information you choose to share.
Trusted sources
How To Recognize and Avoid Phishing Scams
Federal Trade Commission
FTC guidance explains common phishing signs and recommends reporting attempts to ReportFraud.ftc.gov.
Spoofing and Phishing
Federal Bureau of Investigation
FBI guidance explains that spoofing can disguise phone numbers, sender names, emails, and websites.
Scammers hide harmful links in QR codes to steal your information
Federal Trade Commission
FTC guidance warns that QR codes can hide harmful links that ask for account, payment, or identity information.
Smishing: Package Tracking Text Scams
United States Postal Inspection Service
USPIS explains that package-tracking text scams use unsolicited messages and unfamiliar links.
Common questions
How can I check a suspicious link without clicking it?
Read the visible domain, compare it with the official website, and open the company or agency through an app, bookmark, bill, card, or website you type yourself.
Is hovering over a link enough?
Hovering can reveal a destination on some computers, but it is not enough by itself. Still verify through the official site or app before entering information.
What if the link is shortened?
Treat shortened links in unexpected messages carefully. If the claim is real, you should be able to check it through the official account without using the shortened link.
What should I do if I already clicked?
Close the page. If you entered a password, code, payment, identity detail, or downloaded software, follow the right recovery steps for that account or device.