Module 4: C — Check the Landing
A link is a promise. Phishing links are promises designed to be broken after you've clicked. This module teaches you how to read the promise without ever cashing it in.
What You’ll Learn
Module 4 is the C in TRACE — Check the Landing. You’ve preserved the evidence and read the headers. Now the message is asking you to go somewhere. Before you do:
- Extract a link’s real URL without clicking it — hovering, copying, and inspecting are all free. Clicking is the one move you can’t undo.
- Recognize where a URL actually leads — including homograph attacks, where a domain written with one Cyrillic character looks identical to a Latin one and takes you to an entirely different server.
- Use sandboxes as safe proxies — web services that open a URL in an isolated browser and tell you what it does, so a robot takes the risk instead of you.
Modern AI makes phishing pages look perfect — pixel-for-pixel clones of real login screens. Your eye isn’t going to catch them on the rendered page. Your only leverage is at the link layer, before you land. That’s what this module is for.
Why This Module Exists
The most-repeated piece of security advice on the internet is “check the URL.” It’s not bad advice — but it assumes the URL you see is the URL you’d visit. Homograph attacks, redirect chains, @-symbol abuse, and subdomain trickery all exist to break that assumption. You can stare at a URL for an hour and still be wrong about where it leads. The techniques in this module fix that.