You’ve probably noticed that scam emails and texts are getting harder to tell apart from legitimate messages. If it’s enough to make you question everything that hits your phone or inbox, you’re not alone.
So, what can we do?
First off, trust your gut. If you aren’t expecting a message, don’t be so quick to click a link (whose sole purpose may be to collect usernames, passwords, or other sensitive information).
But your gut isn’t your only resource. Try the tips below to determine the validity of links embedded in unexpected emails and texts—even when the message appears to be from a reputable source.
Checking links in emails
Unfortunately, it’s easy for an email to hide where its links will take you. (See the example screenshots from a desktop computer and mobile device below.) Often, an email makes its way into your inbox with a hyperlink that’s displayed in a way that makes it appear to come from a credible source. (Or it might simply say “click here” or “sign on.”)
Here’s how to inspect hyperlinks in emails to see where they really go:
- On a desktop computer: Hover your cursor over the hyperlink. The intended address will be displayed near the hyperlink:
- On a mobile device: Press and hold your finger on the link—being careful not to tap it—and the destination link will appear as a pop-up:
Checking links in texts
Inspecting links in a text is a little trickier. Text links can’t be masked like in emails, so you’ll need to understand the different parts of a URL (the website address) to determine if it’s legitimate or not. Let’s start by reviewing a diagram of a URL’s structure:
Let’s break down SELCO’s full website address, https://www.selco.org:
- The “https://” is the “scheme” or “protocol” and lets you know whether your connection to the site is secure. (Look for the “s” at the end of “http.” It stands for “secure.”)
- The subdomain is “www” (the most common subdomain).
- “selco” is the second-level domain.
- The top-level domain is “.org,” which sets it apart from the most common top-level domain, “.com.”
As you can see in this recent, real-life phishing text attempt, all the components of the link are red flags:
A slightly more sophisticated scammer might have used “http://www.selco.com,” but even that address has multiple red flags—the “http://” isn’t SELCO’s secure scheme, and “.com” isn’t SELCO’s top-level domain.
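The same part-by-part comparison can be automated. The sketch below is an added example, not SELCO's own code: it splits a link into the parts named above and lists every part that differs from https://www.selco.org. The function names are hypothetical, the sample links other than the two quoted in this article are constructed, and it assumes a single-label top-level domain.

```python
from urllib.parse import urlsplit

# Expected values taken from the article's breakdown of https://www.selco.org
EXPECTED = {"scheme": "https", "second_level": "selco", "top_level": "org"}


def split_url(url):
    """Split a URL into the parts the article names.

    Assumption: the top-level domain is one label (".org", ".com").
    Multi-label suffixes such as ".co.uk" need a public-suffix list.
    """
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    labels = host.split(".") if host else []
    return {
        "scheme": parts.scheme.lower(),
        "subdomain": ".".join(labels[:-2]),
        "second_level": labels[-2] if len(labels) >= 2 else "",
        "top_level": labels[-1] if labels else "",
    }


def red_flags(url, expected=EXPECTED):
    """Return a list of mismatches between the link and the expected site."""
    got = split_url(url)
    flags = []
    for part in ("scheme", "second_level", "top_level"):
        if got[part] != expected[part]:
            flags.append(f"{part}: got {got[part]!r}, expected {expected[part]!r}")
    # The familiar name showing up only in the subdomain does not make
    # the link genuine: the second-level domain is what identifies the site.
    if (got["second_level"] != expected["second_level"]
            and expected["second_level"] in got["subdomain"].split(".")):
        flags.append("expected name appears only as a subdomain")
    return flags


if __name__ == "__main__":
    samples = [
        "https://www.selco.org",                # from the article
        "http://www.selco.com",                 # from the article
        "https://selco.org.example.net/login",  # constructed sample
    ]
    for link in samples:
        print(link, "->", red_flags(link) or "no mismatches")
```

An empty list only means the scheme and domain match the expected site; a link with no scheme at all is reported as a mismatch on every part.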
In today’s hustle and bustle, it can be tempting to respond to a text or email quickly and get on with your day. In fact, scammers rely on it. But slowing down to confirm the authenticity of hyperlinks in emails and texts will go a long way toward keeping your information safe (and saving you even more time and headache if the sender is a scammer in disguise).