How to Hover Over a Link Without Clicking
In the world of online scams, the link is the trapdoor. One click can lead to a fake login page that steals your password, a download that installs ransomware, or a site that harvests your credit card details. But there is a simple, powerful technique that anyone can use to expose these traps before springing them: hovering.
Hovering over a link means placing your mouse cursor over the clickable text or button without actually pressing the mouse button. On most computers, after a second or two, a small box will appear near the cursor showing the true destination web address. That box might reveal something like “http://192.168.1.105/login” or “bit.ly/3xP2Qr” instead of the legitimate “www.chase.com.” This difference is often the only clue you get that the message is a phishing attempt.
Why does this matter for middle-class Americans aged 45 to 64? Because you are prime targets. Scammers know you likely have savings, a home, retirement accounts, and less familiarity with the technical tricks used to fake a link. They also know you are busy and may click first and think later. A single click on a malicious link can drain your checking account, lock you out of your email, or trick you into wiring money to a fake charity.
The hover trick works on emails, websites, social media posts, and even text messages displayed on a computer. It does not work on smartphones or tablets because there is no mouse cursor. On a phone, you must press and hold the link until a preview menu pops up. That menu shows the real address before you choose to open it. Always check that preview.
Here is how scammers hide their true links. The text you see—“Secure Login” or “Track Your Package”—is just a label. Behind that label is a hyperlink, a piece of code that tells your browser where to go. A dishonest hyperlink can say one thing in the text and point somewhere completely different. This is called “link masking” or “link cloaking.” It is the oldest trick in the phishing playbook, and it still works because most people never look behind the text.
Another version of this trick uses shortened links. Services like Bitly or TinyURL shrink long web addresses into short ones like “bit.ly/2fG7H.” You cannot tell where those addresses lead unless you click, which is why scammers love them. Always hover over a shortened link. If the preview shows an unfamiliar domain or a string of numbers, treat it as suspicious.
What should you do when hovering reveals a suspicious destination? First, do not click. Second, close the email or message. Third, go directly to the company website by typing the address yourself into your browser, not by clicking any link. If the message claimed to be from Amazon, open a new tab and type amazon.com. If the message claimed to be from the IRS, remember that the IRS does not initiate contact by email. You can also call the company using a phone number you know is legitimate, not one in the suspicious message.
Hovering is not a silver bullet. Some sophisticated phishers register fake domains that look almost identical to real ones, like replacing a lowercase “l” with a capital “I.” You need to read the preview carefully. Others use “homograph attacks” where foreign characters look like English letters. Still, hovering catches the vast majority of low-effort phishing attempts, which are exactly the ones aimed at busy consumers.
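The same comparison a hover lets you make by eye, automated for the HTML body of a message, as an added example that is not part of the original article. It uses only Python's standard library; the shortener list, the flag names and the sample links are assumptions constructed for illustration, and a label counts as a displayed address only when it contains a dot and no spaces.

```python
import ipaddress
from contextlib import suppress
from html.parser import HTMLParser
from urllib.parse import urlsplit
SHORTENERS = {"bit.ly", "tinyurl.com"}  # assumption: sample list, extend as needed
SAMPLE = ('<a href="http://192.168.1.105/login">www.chase.com</a>'  # constructed body
          '<a href="http://bit.ly/3xP2Qr">Track Your Package</a>'
          '<a href="https://xn--exmple-cua.test/login">Secure Login</a>')

def host_of(value):  # hostname without a leading "www."; "" if unparsable
    try:
        host = urlsplit(("" if "://" in value else "//") + value.strip()).hostname or ""
    except ValueError:
        return ""
    return host[4:] if host.startswith("www.") else host

def flags(label, href):
    host, out = host_of(href), []
    shown = host_of(label) if "." in label and " " not in label else ""
    with suppress(ValueError):  # ip_address() raises ValueError for ordinary names
        ipaddress.ip_address(host)
        out.append("ip-address")
    if host in SHORTENERS:
        out.append("shortener")
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        out.append("idn-host")  # non-English or punycode host: read it letter by letter
    if shown and host != shown and not host.endswith("." + shown):
        out.append("text-host-mismatch")  # label shows one site, link goes to another
    return out

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)  # reset at each <a>, so text outside links is dropped
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            label = "".join(self.text).strip()
            self.findings.append((label, self.href, flags(label, self.href)))
            self.href = None

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    return parser.findings
```

Calling audit(SAMPLE) returns one (label, href, flags) tuple per link; a link with an empty flag list still needs the careful read described above, since a lookalike domain spelled in plain ASCII passes all four checks.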
In the Phishing Hall of Shame, the link is the villain. It pretends to be your friend, your bank, your doctor, or your delivery service. But with one simple hover, you can unmask it. Teach your spouse, your parents, your adult children. Make hovering a habit before clicking anything that asks for personal information, money, or login credentials. In a world where scams get more convincing every day, that two-second pause might be the difference between a secure account and a financial disaster.


