SiteAlertAI SiteAlertAI
⬡ Web Scan 🔒 SSL/TLS 📬 MX Record ✉ Email Header 🎣 URL Check 🌍 IP Geo
⬡ Web Scan 🔒 SSL/TLS 📬 MX Record ✉ Email Header 🎣 URL Check 🌍 IP Geo
← All articles
Phishing 2026-03-04 · 6 min read

Phishing Techniques Explained: How Attackers Trick You

Phishing links are engineered to look trustworthy for just long enough to capture a password or payment. Understanding the common techniques makes them far easier to spot.

Domain deception

  • Typosquatting — registering misspellings of real brands (amaz0n.com).
  • Combosquatting — adding trust words: apple-account-verify.com.
  • Homograph / IDN attacks — Unicode characters that render identically to Latin letters.
  • Subdomain spoofing — paypal.com.attacker.net, where the brand is only a subdomain.

Redirection and obfuscation

  • Open redirects — abusing a trusted site's ?url= parameter to bounce you to a malicious page.
  • Numeric / hex IP hosts and long encoded blobs that hide the true destination.
  • Free hosting and site builders used to stand up throwaway phishing pages quickly.

Delivery pressure

Urgency (\"account suspended\"), authority (\"IT department\"), and fear are used to rush you past your instincts. Slow down: legitimate organisations do not ask for passwords by link.

Check any link safely

Our URL safety checker automatically tests for every technique above — typosquatting, homographs, open redirects, dangerous schemes, young domains and vendor reputation — so you get a clear verdict before you click.

Put this into practice
Run a free, private scan — no login, nothing stored.
🛡 Web Scan 🔒 SSL/TLS 📬 MX & Email 🎣 URL Check

Related articles

Phishing How to Spot a Phishing URL Before You Click Phishing links rely on small visual tricks. Learn the red flags and how to check a link safely. Phishing How to Safely Check a Suspicious Link Without Clicking It Never click a link you are unsure about. Here is how to inspect a URL safely and what a scanner checks for you.
SiteAlertAI · © 2026 All rights reserved · Built for security professionals and developers.
Blog Privacy Terms About Contact Social

⚠ For authorised security testing only. Scanning domains you do not own may violate laws in your jurisdiction. SiteAlertAI accepts no liability for misuse. CVE data is indicative — verify with NVD.