Inspect phishing links and email headers
Check suspicious links, sender lines, raw email headers, and hidden Unicode clues locally before you trust a message.
Paste the suspicious content into the tool and review the evidence locally in your browser.
The problem
Phishing messages often hide their intent in Unicode tricks, misleading subdomains, display-name spoofing, or header mismatches. A local, explainable review helps you spot those indicators without sending the message anywhere.
Sample input
PayPal Support <service@example.example>Expected output
Strong spoofing indicators were found.
Review the sender domain, display name, and header alignment before you trust the message.How to do it
- Paste the suspicious link, sender, domain, or email header.
- Run the analysis in your browser.
- Review the risk summary and supporting indicators.
- Copy a Markdown or JSON report if needed.
Common mistakes
- Trusting a display name without checking the actual domain.
- Missing invisible Unicode characters copied from an email client.
- Clicking the link before inspecting it.
- Assuming a message is safe because it looks polished.
Related tools
FAQ
Does this check run locally?
Yes. The phishing inspector runs in your browser and does not upload the pasted content.
What should I paste here?
Paste a suspicious link, sender line, domain, raw email headers, or copied text.
Will it fetch the link?
No. The analyzer does not open or fetch suspicious URLs.
This guide uses browser-local tooling. Avoid pasting production secrets unless you understand what the tool displays and shares.
Continue with adjacent browser-based tools for the same workflow.
Phishing inspection: quick answer
Use this when a link, sender line, or raw header looks off. Paste the message artifact into the phishing inspector, review the local findings, then copy only the safe summary or evidence into your ticket or chat thread.
What to verify
Check for hidden Unicode, mismatched reply paths, misleading subdomains, punycode hostnames, credential-in-URL tricks, and brand impersonation. If you need to share the result, redact private data first and keep the message text out of URLs.
Recommended next steps
- Open Phishing Link & Email Inspector for the main task.
- Use Unicode Inspector for a second pass on hidden characters.
- Return to Use Cases to find other workflows for the same artifact.