How Tooltips Are Being Used For Phishing

How Tooltips Are Being Used For Phishing - credit card on the end of a fishing hook over computer keyboard

It’s important that you understand how tooltips are being used for phishing. First, I’ll explain terms and then I’ll outline the phishing process being used.



Are you familiar with the term tooltip? You probably see them all the time when you use a computing device but you might not know the term. Let’s say you receive an email which contains a link. If you move your curser over the link, without tapping or clicking, a small box may appear containing information. Something like this:

In the picture above, you can see the pop-up window showing the link for the “Order Now” button. That pop-up window is called a tooltip. In my YouTube video, “How To Tell If An Email Is Fake,” I demonstrate tooltips and clues for determining whether the links are legitimate.

Page Redirect

You need to know the term “page redirect” if you want to understand how tooltips are being used for phishing, Simply put, a page redirect makes a different web page appear than what you typed or clicked on. Let me share an example. If you attempted to use one of our old web page addresses, you’d be redirected to our current page. Why not take a second and try it? One of our old pages was If you click or tap that link, where do you wind up?


I’ve written a number of posts about “phishing” and I hope you’ve read them. However, for this post, we’ll use the Cisco definition of the term: “Phishing attacks are counterfeit communications that appear to come from a trustworthy source but which can compromise all types of data sources.”

How Tooltips Are Being Used For Phishing

Now that you understand all the terms involved, let me explain what hackers are doing. These black hats send emails with links. When you place your curser over the link, the tooltip shows a legitimate site, usually one you would have no trouble trusting. However, when you tap or click on the link, you are redirected from the legitimate site to a site which asks for personal or financial information. Since you probably trust the original site, you might be tempted to go ahead and share the info for which they are asking. At least, that’s what the bad guys are hoping will happen.

Avoid Being Taken To The Cleaners

The truth is, tooltips alone are not adequate indicators of a legitimate email. As I explained very clearly in the YouTube video I mentioned above, you need to look at all the areas of an email. Hackers are excellent at Social Engineering. With that in mind, you are much better off questioning an email rather than just clicking. Feel free to forward emails to us if you need a second opinion.

2 thoughts on “How Tooltips Are Being Used For Phishing

Comments are closed.