PhishingCheck

How does PhishingCheck work?

Paste the URL from a suspicious email and click Check. PhishingCheck analyzes the URL and displays the destination domain.

Phishing URLs (links) often hide the real URL-destination. Subdomains and usernames are inserted in the URL to simulate a legitimate destination and to confuse the user. PhishingCheck removes these irrelevant parts of the phishing URL.

What does the result tell me?

PhishingCheck does not give a judgment as to whether it is a phishing link or not. In case of doubt, it is advisable not to click on a potential phishing link and enter the company domain name in the browser bar manually.

When should I be particularly careful?

You should be careful if the URL-result doesn’t match the official company domain or the domain name is not used by the company. An IP address in the result field is also suspicious.

Examples of phishing URLs:

LinkTarget
http://h.paypal.de-checking.net/de/ID.php?u=LhsdoOKJfsjdsdvgde-checking.net
paypal.secure.server.deserver.de
paypal-secure.onlinepaypal-secure.online
paypal.de@secure-server.de/secure-environmentsecure-server.de
http://signin.paypal.com@10.19.32.4/oIP 10.19.32.4
http://63.17.167.23/pc/verification.htm?=https://www.paypal.com/IP 63.17.167.23
http://paypal.com.de.cgi-bin.webscr.cmd-login-submit.dispatch.securitycontrol.su/cgi-bin/securitycontrol.su
https://www.paypaI.depaypai.de