Phishing URL Checker — Is This Link Safe?

ALREADY CLICKED A SUSPICIOUS LINK? DO THIS NOW

1. Don't enter any info. Close the tab immediately.
2. If you entered a password — change it on the real site right now, on every site where you used the same password. Use our password tool to generate a new strong one.
3. If you entered card/UPI details — call your bank's helpline to block the card. Check transactions in the next 48 hours carefully.
4. If you downloaded a file — don't open it. Run an antivirus scan (Windows Defender works fine for most cases).
5. Report the link — forward phishing SMS/WhatsApp to 1909 (DoT spam line) or report on cybercrime.gov.in.

FAKE DELIVERY SMS

"Your package is held at warehouse. Pay ₹25 redelivery fee at: indiapost-redelivery.xyz" — India Post never charges redelivery, never sends payment links via SMS. Always check the real domain (indiapost.gov.in).

FAKE BANK KYC

"Your account will be blocked tomorrow. Update KYC at: sbi-kyc-update.tk" — Banks NEVER send KYC links via SMS. Real bank domains end in .com (sbi.co.in, hdfcbank.com), never .tk, .ml, .xyz.

FAKE PRIZE / LOTTERY

"Congratulations! You won ₹5,00,000. Claim at: bigwin-claim-now.click" — You don't enter contests you didn't sign up for. Free TLDs like .click, .top, .xyz are massively abused for these scams.

FAKE UPI REFUND

"Your refund of ₹1,500 is pending. Approve UPI request from: refund@verified" — There's no such thing as a UPI refund that requires you to approve a payment. UPI requests = sending money, not receiving.

FAKE ELECTRICITY BILL

"Your power will be cut tonight. Pay overdue at: 8.8.7.7.com/pay" — Real electricity boards send bills through their official apps and verified domains. Never click random "pay now" links.

JOB / WFH SCAM

"Earn ₹3000/day from home. Click: easy-jobs-india.online" — Real jobs don't message you out of nowhere asking to "register" with payment. If they ask money for a job — it's a scam.

🔍

CHECK THE EXACT DOMAIN

Look at what comes right before the first single slash. paytm.com.scam.xyz/login is NOT paytm — the real domain is scam.xyz.

🔒

HTTPS ALONE ≠ SAFE

A green padlock just means the connection is encrypted. Phishing sites also use HTTPS. The padlock doesn't mean the site itself is legitimate.

🚫

SUSPICIOUS TLDs

Free TLDs like .tk .ml .ga .cf .gq and cheap ones like .xyz .top .click .download are used for 90% of phishing because they're cheap to register.

🔢

IP ADDRESS LINKS

Legitimate sites use domain names, not IP addresses. http://185.220.x.x/login for a "bank" or "Amazon" login is always a scam.

✏️

TYPOSQUATTING

Look for slight misspellings: gooogle.com, paytrn.com, arnazon.com. Read every letter carefully — attackers count on you not noticing.

🔗

URL SHORTENERS HIDE

Links like bit.ly/xyz or tinyurl.com/abc hide the real destination. Use checkshorturl.com to expand them before clicking.

PHISHING_CHECK