Verify Before You Click
A practical routine to validate websites, links, and profiles—without panic or guesswork.
What you’ll learn
This course teaches a simple, repeatable method to verify a link or website before you take action. You’ll learn how to slow down the decision, confirm identity, and check a few high-signal indicators— without needing technical tools or advanced knowledge.
Quick start
- Keep the checklist on your phone.
- Use it for emails, DMs, ads, and SMS links.
- If something feels off, verify through official support pages.
Lesson plan
Short, practical lessons with clear steps you can reuse.
Pause → Verify → Proceed: the 60-second routine you can reuse anywhere
The most dangerous messages aren’t always “obviously bad.” The real risk is speed. Scams often succeed because they push you into a quick decision: click now, confirm now, pay now, reply now. The goal of this lesson is to give you a simple routine that slows the moment down and replaces guessing with a repeatable process. You don’t need advanced tools. You need a habit.
What you’ll be able to do after this lesson
- Recognize when a message is “high-sensitivity” (the type that requires verification).
- Use a quick decision framework that reduces mistakes under time pressure.
- Verify through official channels instead of trusting the message link or instructions.
- Know when to proceed, when to pause, and when to stop and get extra confirmation.
Why scams often work (in plain language)
Most people think scam protection is about spotting “bad grammar” or “weird emails.” Sometimes that helps, but many real-world scam attempts look clean and professional. What stays consistent is the psychology: urgency, confusion, and a request for sensitive action. If you can interrupt that pattern, you reduce risk dramatically.
High-sensitivity actions
Treat any message as high sensitivity if it asks you to do one of these:
- Log in or re-authenticate
- Send money / approve a payment
- Share a code (SMS/2FA/OTP), password, or backup code
- Download software or install an extension/app
- Confirm identity details (ID, bank info, personal data)
Time-pressure signals
Time pressure is not proof of a scam, but it’s a strong reason to slow down:
- “Act now” or “limited time” framing
- Threat of consequences if you delay
- Unexpected contact about a problem you didn’t notice
- Request to move quickly to another channel (new email, new chat)
The 60-second routine (the exact steps)
Here’s the full routine. Read it once, then keep it as a short checklist you can repeat. The power is consistency: do the same steps every time the action is sensitive.
- Pause (5 seconds): Stop the automatic reaction. If it’s urgent, that’s exactly when you pause.
- Name the action (10 seconds): “This message wants me to log in / pay / download / share info.” Naming the action makes the risk clearer.
- Check the destination (20 seconds): Before clicking, look at where the link goes (domain). If you can’t confidently confirm it, don’t use it.
- Verify via official channel (20 seconds): Open the official app/site yourself (typed, bookmarked, or from the platform store) and find the same message/alert there.
- Proceed or stop (5 seconds): Proceed only when the information is consistent across official sources. If it’s inconsistent, stop and verify again.
What “official channel verification” looks like (practical examples)
Official channel verification means: you don’t follow the message’s path — you follow the platform’s path. This is one of the safest habits you can build.
If it’s about an account
- Open the official app
- Check notifications inside
- Review security settings
- Look for recent sign-ins
If it’s about a payment
- Open your bank/app directly
- Check transactions/status
- Confirm recipients carefully
- Pause if anything feels inconsistent
If it’s about support
- Use official help center
- Use in-app support if available
- Don’t rely on “support” links in messages
- Keep records of what you do
Safety note
This course is educational. It does not guarantee outcomes. If you’re dealing with an urgent account or payment issue, contact the relevant provider through their official website or in-app support.
Mini practice (2 minutes)
Read each scenario and decide: Proceed, Pause & Verify, or Stop. There’s no need for technical details — just apply the routine.
You receive an unexpected message asking you to log in to “confirm your account” before a deadline.
A message references an action you just took (for example, you actually requested a password reset).
Someone asks you to share a one-time code “to confirm your identity.”
A link offers a “quick fix” by downloading a tool or extension to “secure your account.”
Lesson summary
- Speed is the risk: your best defense is a repeatable routine.
- High sensitivity = verify: money, login, codes, downloads, identity info.
- Official channel wins: open the app/site yourself and confirm there.
Reading URLs the right way: what matters, what doesn’t, and how to avoid look-alikes
Many people decide whether to trust a link based on the logo, the page design, or the brand name written in the message. Unfortunately, those are easy to imitate. The part that’s harder to fake (and the part you should learn to read) is the destination: the URL, especially the domain name.
What you’ll be able to do after this lesson
- Identify the domain (the “real name”) of a website in seconds.
- Understand common look-alike tricks without needing technical tools.
- Recognize when shortened links and redirects increase uncertainty.
- Use safe alternatives when you can’t confirm a destination confidently.
The only part you must learn: the domain
A URL can be long and confusing. The domain is the key piece you’re verifying. In simple terms: the domain is the site’s identity. Everything else (page path, tracking parameters) can be changed.
URL structure (plain-language overview)
- Protocol: usually http / https (useful, but not a guarantee of legitimacy).
- Domain: the core website name (this is the main verification point).
- Subdomain: a prefix before the domain (can look official, but can also mislead).
- Path: everything after the domain (pages, folders).
- Parameters: long “?something=” parts (often tracking; can also hide intent).
Common look-alike patterns (high-level, safe examples)
Instead of giving copyable “bad” examples, we’ll focus on patterns. The goal is to recognize when a link is trying to look similar to a trusted brand without actually being that brand.
Pattern 1: Similar spelling
A domain may include a brand-like word but with small changes (extra letters, swapped characters).
- Extra letters or missing letters
- Look-alike characters (for example, characters that resemble each other)
- Hyphens added in unexpected places
Pattern 2: “Support/Verify” naming
Domains sometimes combine a trusted word with “support”, “verify”, “help”, “secure”, etc.
- Looks official in a message preview
- But the actual domain is not the official one
- Always verify via official channels if uncertain
Pattern 3: Shortened links
Short links hide the destination. That doesn’t automatically mean “bad,” but it does increase uncertainty.
- You can’t easily see the real domain
- They often redirect through multiple places
- Use official navigation when actions are sensitive
Pattern 4: Redirect chains
Some links bounce you through multiple domains. This can happen in legitimate tracking, but it also reduces clarity.
- Harder to confirm final destination
- More room for confusion
- Stop and verify if anything feels inconsistent
How to check a link safely (without “deep tech”)
You don’t need advanced tools to be safer. The simplest safe approach is: don’t rely on the message link. Verify by navigating yourself.
Safe navigation alternatives
- Use the official app: Check alerts inside the app, not via a message.
- Type the known official address: Use a saved bookmark or type it carefully.
- Use official support pages: Find support via the platform itself, not message links.
- Cross-check context: Do you see the same issue inside your account dashboard?
What NOT to trust (even if the page looks great)
A convincing design is not proof. Many pages can look professional. Focus on identity, not appearance.
- “Secure” labels or lock icons
- Brand logos and familiar colors
- Professional wording
- A page that looks identical to the real one
- Domain matches the official platform
- Verification inside the official app/account
- Consistent information across trusted channels
- No pressure to act immediately
Mini practice (3 minutes)
Decide what you should do. Choose: Proceed, Pause & Verify, or Stop. (No need to analyze deeply — apply the principles.)
You see a shortened link that asks you to log in to confirm something urgent.
A link looks professional, but you can’t confidently confirm the domain.
Lesson summary
- Domain is identity: verify where the link truly goes, not how it looks.
- Short links & redirects reduce clarity: use official navigation for sensitive actions.
- When unsure, don’t click: open the official app/site yourself and verify from there.
Official channels: how to verify safely without trusting the message path
“Official channels” is one of the most important safety concepts in this course. It simply means: you verify through a channel you already trust, rather than through a link or instructions provided in an unexpected message.
What you’ll be able to do after this lesson
- Know which verification routes are safest for accounts, payments, and support.
- Use a consistent method for confirming alerts and requests.
- Reduce risk from “urgent” messages without overthinking.
- Build a personal “trusted list” of verification steps you always follow.
Why official channels matter
A message can be forwarded, copied, or imitated. Even a phone number or email address can be spoofed in some contexts. Official channels reduce the surface area for confusion because they start from a known base: the official app, the official website typed/bookmarked by you, and the official support path.
Good verification channels
- Official mobile app (opened normally from your device)
- Official website you type or bookmark yourself
- Official support / help center linked from the platform itself
- In-app notifications and security settings
Risky verification paths
- Clicking links from unexpected messages
- Calling numbers provided inside a suspicious message
- Installing tools “to help verify” from unknown sources
- Continuing the conversation only within the attacker-controlled channel
The official-channel method (step-by-step)
Use this method whenever the requested action is sensitive (login, payments, personal info, codes).
- Stop using the message path. Don’t click, don’t reply with sensitive info.
- Open the official app/site directly. Use your normal route.
- Find the alert inside your account. Notifications, security, messages, transactions.
- Cross-check the details. Does the issue appear inside the official system?
- Only proceed if consistent. If not consistent, pause and use official support.
Three common verification workflows
Here are practical workflows you can apply. The point is not to memorize every detail — it’s to know the safe route.
Workflow A: Account alerts
- Open the official app/site
- Go to Security / Login activity
- Look for notifications inside the account
- Update password & enable 2FA if needed
Workflow B: Payment requests
- Open your bank/payment app directly
- Check transaction status inside the app
- Confirm recipient identity via trusted channel
- Pause if anything is inconsistent
Workflow C: Support & help
- Find official help center from platform itself
- Use in-app support where possible
- Keep a record of what happened
- Avoid “support links” from unexpected messages
A calm rule that works
If you can’t confirm the same issue inside the official app/site, treat the message as unverified and continue only through official support channels.
Mini practice (3 minutes)
A message says your account needs immediate verification and gives you a link.
Someone offers “support” but asks you to install a tool to help fix the problem.
Lesson summary
- Don’t follow the message path for sensitive actions.
- Verify inside the official app/site and cross-check details.
- If inconsistent, stop and continue only via official support routes.
Scenario workshop: apply the routine to real-life situations
Skills become habits through repetition. In this workshop, you’ll practice using the same method across multiple situations: account alerts, payments, marketplace deals, ads, and “support” conversations. The goal is not to be paranoid — it’s to be consistent when the action is sensitive.
Your objective in this lesson
- Practice Pause → Verify → Proceed across multiple contexts.
- Learn “stop points” — moments where you should pause automatically.
- Build a simple decision tree you can follow without overthinking.
The decision tree (simple version)
- Is the action sensitive? (login, payment, codes, downloads, personal data)
- Is it unexpected or urgent? If yes, slow down.
- Can you verify inside the official app/site? If no, pause.
- If uncertain, stop and switch to official support.
Scenarios (practice set)
For each scenario, choose one: Proceed, Pause & Verify, or Stop. Then read the recommended response.
Scenario 1: Unexpected account alert
You receive an unexpected alert asking you to “confirm” something important.
- Open the official app/site directly.
- Check notifications/security settings inside.
- Proceed only if the same alert exists there.
Scenario 2: Payment request with urgency
Someone asks you to pay quickly and provides a link or instructions.
- Verify recipient identity through a trusted channel.
- Use your bank/payment app directly.
- If uncertain, do not proceed.
Scenario 3: “Support” reaches out first
Someone claims to be support and asks for details to help.
- Stop the conversation path and use the official help center.
- Never share passwords or one-time codes.
- Confirm support through in-app channels if possible.
Scenario 4: Download request
You’re asked to download a “tool” to fix or secure something.
- Avoid installing from unexpected messages.
- Use official app stores and official support guidance.
- When unsure, consult official help resources.
Your personal checklist (save this)
- Sensitive action? Pause automatically.
- Unexpected or urgent? Verify through official channel.
- Can’t confirm domain? Don’t click.
- Asked for codes/passwords? Stop and use official support.
- Asked to install tools? Stop and verify independently.
Lesson summary
- Practice makes it automatic: use the same routine every time.
- Decision tree reduces stress: sensitive + urgent = verify.
- When uncertain, stop: switch to official app/site/support channels.
Incident checklist: what to do when something feels off (calm, practical, step-by-step)
This lesson is about response — not panic. Sometimes you click a link, reply to a message, or share information and only later realize it might be risky. The goal here is to give you a structured plan you can follow in a calm way: what to do first, what to document, and how to reduce further risk.
What you’ll be able to do after this lesson
- Classify the incident (account, payment, device, identity) and choose the correct response path.
- Take immediate actions that reduce risk without making things worse.
- Collect clean documentation that helps official support review your case faster.
- Set up safer defaults (passwords, 2FA, notifications, device hygiene) for the future.
Step 1: Identify what type of incident this is
You don’t need to fully understand what happened to respond well. You only need to identify the category. Use this simple classification:
Account incident
- Unexpected login alerts, password reset attempts, new devices
- Messages sent from your account you didn’t send
- Security settings changed without you
Payment incident
- Unexpected charges, transfers, or invoices
- Payment instructions that now seem suspicious
- Requests to pay using unusual methods
Device incident
- Unexpected pop-ups, new extensions/apps, unusual behavior
- Security software warnings
- Downloads you didn’t intend
Identity incident
- You shared personal data (ID info, address, banking details)
- You’re worried your info could be used elsewhere
- Multiple accounts get targeted after sharing details
Step 2: Do the “stop the bleeding” actions (safe first moves)
The goal is to prevent further damage. Don’t negotiate, don’t “test” suspicious links, and don’t continue the conversation inside the same channel. Move to official tools and official support.
Immediate actions checklist
- Stop interacting with the suspicious message, link, or account.
- Switch to official channels (official app/site opened normally).
- Change passwords for affected accounts (use strong, unique passwords).
- Enable 2FA wherever available, preferably an authenticator app.
- Review active sessions and log out of devices you don’t recognize.
- Check forwarding rules (email) and connected apps (account permissions).
Step 3: Document what happened (clean evidence that helps support)
Support teams work faster when you provide clear, structured information. The goal is not a huge story — it’s a clean timeline and the key identifiers.
Capture these details
- Date/time (approx.)
- Channel (email, SMS, social message, ad)
- What action happened (clicked, logged in, paid, shared info)
- Any account alerts you saw afterward
Best evidence types
- Screenshots of the message (with visible sender context)
- Transaction references from official apps
- Security alerts inside your account
- List of affected accounts/services
Step 4: Choose the right escalation path
Different incident types require different next steps. Use the appropriate official support route and keep your documentation ready.
If it’s an account incident
- Use in-app security tools (logout sessions, reset password)
- Check connected apps/permissions
- Contact official support if access is lost
If it’s a payment incident
- Contact your financial provider via official channels
- Report unauthorized transactions promptly
- Keep transaction IDs and timestamps
If it’s a device incident
- Remove unknown extensions/apps
- Update OS and browser
- Run trusted security scans
Important note
This course is educational and cannot guarantee outcomes. For urgent account or payment issues, contact the relevant provider using their official app, official website, or official support route.
Mini practice (3 minutes): build your personal incident plan
Write (even in notes) your “default response plan” in 5 lines. This prevents panic and saves time later.
- My first action when I feel unsure is: Pause and stop interacting.
- I verify using: official app/site opened normally.
- I secure accounts by: password + 2FA + logout sessions.
- I document: timeline + screenshots + transaction/security references.
- I escalate via: official support channels only.
Lesson summary
- Classify the incident (account, payment, device, identity) so you act correctly.
- Stop the bleeding first (official channels, secure accounts, reduce access).
- Document cleanly to help support review faster.
Downloadable checklist (copy & use)
A short checklist you can keep in notes or print. No tools required.
The “Verify Before You Click” checklist
- Pause. Don’t click immediately—especially if it feels urgent.
- Identify the action. Login, pay, download, share codes, confirm identity?
- Check the destination. Look at the domain and spelling (not the logo).
- Avoid shortcuts. Be cautious with shortened links and redirects.
- Use official channels. Open the app/site directly and verify inside.
- Proceed only if consistent. If anything conflicts, pause and verify again.
FAQ
Clear answers to common questions.