If you get a random text asking you to click a link, it’s probably a scam.
Getty/Karl Tapales
Scam links are getting harder to spot, which is bad news for everyday people who mistakenly click on a malicious URL as part of a phishing attack.
Many of them include standard “https” encryption and domains similar to legitimate websites. Phishing and spoofing scams led to more than $70 million in losses for victims in 2024, according to the FBI’s Internet Crime Complaint Center.
If you click on a scam link, you could suffer monetary losses. But arguably worse, you may give up very sensitive information like your name and credit card information to scammers or even risk malware being downloaded onto your device.
How to identify scam links
Scam links are often found in phishing emails, text messages or other communications sent by cybercriminals. They’re designed to fool you into downloading malware or bringing you to a fake website to steal your personal identifying information. Some examples of popular phishing scams include unpaid toll, gold bar and employment scams.
Criminals typically send these links out en masse — often aided by artificial intelligence. Enough people fall victim to phishing scams every year that con artists find it worth their while to follow the same playbook.
Here’s how to avoid taking the bait.
Check the URL
“Smartphones do their best to block scam links, so attackers use tricks to make their links clickable,” said Joshua McKenty, CEO of Polyguard.ai, a cybersecurity company that helps businesses protect mobile phones and call centers from AI-driven phishing scams.
For example, you’ll want to watch for an “@” sign in the URL, or you might have two different URLs “glued together” by a question mark, he added. Especially if the first URL is a Google.com or an Apple.com link.
Dave Meister, a cybersecurity spokesman for global cybersecurity company Check Point, added that you may be able to hover over the URL to reveal the actual destination. People should also look out for “typo-squatting,” when the URL looks authentic, but it has “PayPa1” instead of “PayPal.” That should tip you off that it’s a bad link.
Remember the URLs you frequently visit
It would behoove everyone to pay attention to the URLs they visit often.
“Major brands, especially banks and retailers, don’t often change up their domain names,” McKenty said. “If the link says Chase.com, it’s likely safe. If it says, Chase-Banking-App.com, stay away.”
Be suspicious of short links
Short links are often in texts and on social media. “Sadly, there’s no safe way to check a shortened URL,” McKenty said. He recommended not clicking on them.
“Bit.ly” or “shorturl” links often have standard “https://” encryption, which make them appear trustworthy. In these cases, it’s best to read the message itself and pay attention to any threatening language or pressure to act immediately to identify the scam.
How are scam links sent to victims?
Text scams
Ironically, these don’t always rely on website links. In fact, phone numbers are a frequent vehicle used in scammers’ phishing attempts, according to McKenty.
“People get tricked into clicking a phone number that’s not actually their bank or the IRS, and then surrendering identity information on the phone,” he said.
If you think you got a message from a scammer, as tempting as it is to mess with them, do your best to resist. If you interact with the scammer, they may want to circle back knowing that you’re reachable.
Email scams
Emails can also have scam links.
McKenty said that while clicking on phone numbers and links in texts is happening more frequently, “the biggest dollar losses are still the classic email scams.”
He suggests copying any link you see into a notes app so that you can properly inspect it before clicking.
QR code scams
Sometimes, scams can even be embedded into a QR code.
“QR codes have become the new stealth weapon, used everywhere from restaurant menus to parking meters,” said Meister.
“Scammers are known to slap fake codes on top of real ones in public, or embed them in phishing emails, linking to cloned websites or malware downloads,” he said.
Before you scan, make sure the QR code makes sense. If it’s on the side of a gas pump, on a random park bench or in an unrecognized email, it’s better to avoid it.
Social media direct messages
Chances are, you’ve run into these scam links. Sometimes social media accounts get compromised by cybercriminals posing as people you know.
If your “uncle” sends you a direct message while sounding like a pushy timeshare salesman, telling you to check out this investment opportunity by clicking on a link, call your uncle first.
What if I already clicked a link?
If you clicked on a scam link, a number of things could happen. If you have software protecting your device, the firewall probably blocked it. If you don’t have software protecting you from computer viruses and malware, then you might have a problem.
Try these tips if you think you might’ve clicked on a phishing link:
Get anti-virus software.If you don’t already have anti-virus software that can help rid your laptop or desktop of viruses, you should get one. There are plenty of free and paid options to choose from.Be aware of malware. Your phone isn’t immune to malware. Scam links are often designed to trick somebody into downloading malware, which can then give the scammer access to your phone. If your phone is infected with malware, do not access any financial apps. Instead, clear your browser cache, remove any apps you don’t recognize, or try a factory reset. If you’re really stuck, you could also call your phone’s tech support. Your phone might be slow or unresponsive and you may see increased pop-up ads if it’s infected.Contact your bank or credit card issuer.If you’ve been visiting your bank website or app on a compromised device, to be safe, let your financial institution know.Contact the authorities. If you clicked on a spam link and were scammed out of money, report it to the Federal Trade Commission so they can spread the word about the scam. You’ll also want to call your police department and anyone else you can think of. The more people are aware of a scam, the less likely they’ll fall for it.
