The tricks, named.

Short, honest write-ups of the phishing scenarios IP Tracker checks for, written by the people who built the detector. No fear-mongering, no jargon, no promises we can't keep.

Start here
Got a suspicious email? How to check the sender in one minute

The bold sender name is free text: anyone can be "PayPal Support". A six-check, one-minute routine for finding out who really sent that email, and where IP Tracker fits in.

Known scenario ยท Letter swaps
paypa1.com: the letter-swap trick your eyes can't catch

One character separates paypal.com from paypa1.com, and in many fonts you can't see it at all. A plain-English look at the letter-swap trick and how to check for it.

Known scenario ยท Typos
paypall.com: one letter off, one convincing fake

Read paypall.com fast and your brain sees PayPal. How typo domains hide behind skim-reading, and a ten-second letter-by-letter check that breaks the trick.

Known scenario ยท Fake subdomains
paypal.com-secure-login.info: read the domain right to left

That link really says paypal.com, and it still isn't PayPal. How scammers bury real brand names inside addresses they own, and the reading habit that spots the trick.

Known scenario ยท Domain age
Registered 3 days ago: what a domain's age tells you

The email claims twenty years of history; the domain was registered on Tuesday. How to check a domain's age, and how to read it without jumping to conclusions.

Known scenario ยท Other alphabets
The apple.com you can't see: lookalikes from another alphabet

A domain can look exactly like apple.com and be something else entirely, one letter borrowed from another alphabet. Here's how the invisible lookalike trick works and how to unmask it.

Know your signals
What Google's dangerous-sites list catches (and what it doesn't)

The red warning screen is a strong signal. No warning isn't a clean bill of health. What Google's dangerous-sites list catches, what slips through, and how to layer your checks.