URL protection

Fake Link Checker: suspicious URL and phishing link scanner

Paste or review a fake link, short URL, KYC page, UPI payment link, courier update, refund page, APK download page or login URL before you click. ScamScan cannot guarantee safety, but it helps you spot the risk signals that should make you stop and verify through official routes.

Scan a link now Back to all tools

Best for risky links

Use it for KYC, courier, refund, and login pages before anyone opens them.

URL Risk Checklist

Run these checks before you click, pay or enter details

Domain match: compare spelling, hyphens, numbers, subdomains and the real brand domain opened by you.
Final destination: expand short links where possible and check whether the page redirects to a different domain.
Data asked: stop if the page wants OTP, UPI PIN, CVV, password, Aadhaar OTP, PAN scan, selfie video or screen share.
Payment route: treat personal UPI IDs, release fees, courier fees, refund verification, crypto or gift cards as high risk.
Source pressure: SMS, WhatsApp, Telegram, email, ads or calls using urgent KYC, account freeze, delivery, challan, refund or job logic need outside verification.

A clean result is not a promise of safety. Use this as a stop-or-verify decision aid, then confirm through official channels.

Fast Examples

Short link and fake-domain patterns to watch

Short links: examples like bit.ly/kyc-update, tinyurl.com/refund-help or short.link/courier-fee hide the final destination until opened or expanded.

Lookalike domains: examples such as sbi-kyc-update.example, paytm-refund-help.example, india-post-delivery.example and upi-verify-bank.example show the pattern without pointing to live scam pages.

Brand-name trap: if the real registered domain is not the official brand domain, words like bank, KYC, refund, support or delivery in the path do not make it official.

Scan a link now Read suspicious-link guide

Phishing Link Scanner

What ScamScan is looking for

Signal	Why it matters
Fake login page	Bank, email, social, wallet or courier login pages opened from messages can steal credentials and OTP.
UPI or payment link	Refund, verification, challan, release fee or KYC flows often move money to a personal account or fake merchant.
APK or file download	Unknown APK files can request SMS, notification, accessibility, screen or device permissions.
Short-link redirect	A shortened link can hide the final host, tracking path, fake domain or malicious download page.
Urgency script	Account block, KYC expiry, parcel return, police notice, tax refund or job fee pressure reduces verification time.

Official Next Steps

If the URL looks risky, move outside the link

Open the real app or typed official domain yourself instead of trusting the message link.
If money moved recently, contact the bank, wallet or payment provider first and use 1930 quickly.
For formal complaint trail, use cybercrime.gov.in with the same URL, sender, payment and timeline proof.
Report phishing pages to the impersonated brand, email provider, browser safe-browsing route or hosting platform where relevant.

Open the closest ScamScan route next

Proof Pack

Save this before blocking, deleting or reporting

Full URL and final URL
Copy the exact link, expanded destination, redirects, domain spelling, path and any tracking parameters if visible.
Message source
Save sender number, email, WhatsApp or Telegram handle, ad screenshot, call time, group invite, and the exact text that pushed the link.
Money or account details
Keep UPI ID, bank account, merchant name, QR screenshot, amount, UTR/reference, ticket number and any login or OTP prompt screenshots.
Official follow-up trail
Record bank, wallet, platform, 1930, cybercrime.gov.in, police or cyber cell acknowledgement IDs in one timeline.

FAQ

Fake link checker questions

Can ScamScan guarantee that a link is safe?

No. ScamScan can flag risk signals and help you choose safer next steps, but no public checker can guarantee that a link, payment page, login page or short link is safe.

How do I check a suspicious URL before clicking?

Copy the link carefully, check the domain spelling, expand short links when possible, compare it with the official app or typed website, and avoid entering OTP, UPI PIN, passwords or card details on a page opened from a message.

Does HTTPS mean a phishing link is safe?

No. HTTPS only encrypts the connection. A scammer can still use HTTPS on a fake domain, lookalike page, KYC form, refund page or payment link.

What are common fake domain warning signs?

Extra words, hyphens, numbers, misspellings, unofficial subdomains, urgent KYC paths, random file downloads, and brand names placed before a different real domain are common warning signs.

How should I check a short link scam?

Do not open it on your main account if it came from SMS, WhatsApp, Telegram, email or ads. Expand the final destination using a safer preview route if available, then verify the final domain against the official app or website.

What should I do with a UPI or KYC link scam?

Do not enter OTP, UPI PIN, card CVV, netbanking password, Aadhaar OTP or document scans. Open your bank or wallet app yourself, save proof, and report through official bank, 1930 or cybercrime.gov.in routes if money or account access is affected.

Should I install an APK from a link after a URL scan?

No. Avoid APKs from message links or unknown websites, especially for KYC, courier, loan, refund, support or job flows. Use official app stores or the real provider website opened by you.

What proof should I save before reporting a phishing link?

Save the full URL, expanded final URL, screenshots, sender number or handle, chat message, payment demand, UPI ID, file name, time, transaction reference and any account or bank ticket number.