Email Phishing Checker
Analyze suspicious emails and identify common phishing techniques. Paste the email body or any links from the email — we detect brand spoofing, fake login pages, and malicious redirects.
Examples: a short link from a text message, a delivery notification SMS, or an email asking you to "verify your account"
🔒Privacy details— no data stored, no tracking
Analyzed locally
- ✓Message text
- ✓URL parsing
- ✓Brand detection
- ✓QR image decoding
- ✓Risk scoring
Sent to server
- →Redirect resolution — HEAD request only, page not downloaded
- →Domain age lookup — domain name only, no URL path or message
Never sent
- ✓Message content
- ✓QR image or screenshot
- ✓Email attachments
- ✓Personal information
Paste a suspicious link, message, or QR code to begin analysis.
Try an example:
Your links never leave your browser.
Everything runs locally. We never see what you paste.
Know in seconds whether to trust it.
Results appear immediately — no waiting, no loading screens.
Get answers without creating an account.
No email. No password. No sign-up. Just open and use.
How it works
- 1
Paste the email content or link
Copy and paste the email body, or just the suspicious link from the email, into the analyzer.
- 2
We check for phishing signals
We analyze brand impersonation, urgency language, link destinations, domain age, and redirect chains.
- 3
Get a detailed breakdown
Receive a specific explanation of what makes the email suspicious, with recommended actions.
What we analyze
- Fake bank and financial service alerts
- Microsoft and Google account scams
- Account suspension and password reset fraud
- Invoice fraud and payment requests
- Government and tax authority impersonation
- Delivery notification phishing
- Links hidden behind redirect services
- Brand lookalike domain detection
- Subdomain impersonation techniques
- URL encoding and obfuscation
Examples
Microsoft account security alert
Your Microsoft account will be disabled. Verify immediately: microsoft-security-alert.net
Impersonates Microsoft with urgent account threat language. The domain microsoft-security-alert.net is not a Microsoft domain.
PayPal payment declined
Your PayPal payment of £89.99 was declined. Update your payment method: paypal-secure-verify.com
Uses a fake PayPal-branded domain. PayPal payments and account pages always use paypal.com.
Fake invoice from an unknown sender
Please find attached invoice INV-2024-8821. Confirm payment at: invoice-payment-portal.net
Invoice fraud targeting businesses. Legitimate invoices come from known contacts with verifiable domain names.
Frequently Asked Questions
How do I tell if an email is phishing?
Check the sender's actual email address (not just the display name), look for urgent language or threats, verify any links using 2check.click before clicking, and be suspicious of unexpected requests to verify your account or make a payment. Legitimate companies do not send unsolicited links to login or payment pages.
What is email spoofing?
Email spoofing is when an attacker forges the 'From' address in an email to make it appear to come from a trusted source. The display name can show 'PayPal' or 'Microsoft' even when the actual sending domain is completely different. SPF, DKIM, and DMARC authentication records are designed to prevent spoofing, but many email providers do not enforce them strictly.
What are the signs of a fake Microsoft email?
Fake Microsoft emails typically include: urgent language about account suspension or unusual sign-in activity, links to domains other than microsoft.com, login.microsoftonline.com, or microsoft365.com, poor grammar, and requests to 'verify' or 'confirm' your identity. Microsoft sends security alerts from microsoft.com — any other domain is suspicious.
What should I do if I clicked a link in a phishing email?
Close the tab immediately without entering any information. Change your password on the real website straight away. Enable two-factor authentication if you have not already. If you entered banking details, contact your bank immediately. Run the link through 2check.click to understand what was detected.
Why do phishing emails look so real?
Modern phishing emails copy the exact HTML templates, logos, and design of legitimate companies. Attackers also use email spoofing to make the sender address look authentic. The main giveaway is usually the link destination — which 2check.click checks for you — or slight domain name variations that are easy to miss.
What is the difference between phishing and spear phishing?
Phishing is a broad attack sent to many recipients at once — like a mass delivery scam SMS. Spear phishing is highly targeted: the attacker researches a specific person or organisation and crafts a tailored message using real names, job titles, and context to make it more convincing. Business email compromise (BEC) attacks are a form of spear phishing.
How do attackers make fake emails look legitimate?
Attackers use: exact copies of real email templates (logos, colors, layout), email spoofing to forge the sender address, similar-looking domain names (e.g. micros0ft.com), lookalike subdomains (e.g. paypal.payment-secure.com), and URL shorteners or redirect services to hide the final destination.