Think you've been scammed or hacked right now?

Get help

Online safety help

A safer way to check suspicious links and emails.

Cactus helps everyday users understand whether a link or email looks suspicious. Paste a URL or an email body and get a clear confidence score, explanation, and recommended next step.

Check a link Check an email

New here? Start here →

Free Bilingual (EN/FR) No signup Privacy-first

Choose a check

Link check

Paste a URL to scan it for phishing, lookalike domains, and risky redirects.

Email check

Check a suspicious email for phishing links, urgency tactics, and spoofed senders.

Scam Text Checker

Paste a suspicious text or message to spot scam signs.

QR code check

Decode a QR image and inspect the link inside before you visit it.

Batch check

Scan up to 20 links at once and get a risk score for each.

SSL/TLS check

Inspect a site's certificate, protocol, and overall security grade.

Email auth

See whether a domain is protected against spoofing with SPF, DKIM, and DMARC.

Password check

Check whether a password has appeared in known data breaches - privately, without it leaving your device.

Security headers

Grade any website's HTTP security headers - HSTS, CSP, and more - and see what's missing.

Look-alike domains

Find the typo and look-alike domains that could impersonate a brand - and which are live.

Certificate search

Discover a domain's subdomains and every TLS certificate ever issued, from public CT logs.

IP Reputation

Look up who owns an IP and whether it's on spam/abuse blocklists.

Scam of the week

Marketplace scam

The fake Interac e-Transfer scam

A "buyer" on Marketplace or Kijiji says they paid by Interac e-Transfer, then a fake "on hold" email asks you to click a link or pay a fee to release the funds.

Read this week's alert See all scam alerts

1. Paste a link or email

Copy a URL or the body of a suspicious message and paste it into Cactus.

2. Get a score

Cactus looks for common warning signs — lookalike domains, urgency wording, known unsafe matches — and gives a confidence percentage.

3. Learn what to do

You get plain-language reasons and a recommended next step before you click.

Frequently asked questions

Is Cactus Security free to use?

Yes. Every tool on Cactus is free and bilingual, with no account or sign-up required. If you find it useful, you can support the project with a small donation.

How do I check if a link is safe?

Paste the URL into the link checker. Cactus inspects it for phishing signs, lookalike domains, suspicious redirects, the domain's age, and matches against threat-intelligence sources, then gives a clear safety score.

What should I do with a suspicious email?

Don't click any links or download attachments. Paste the email into the email checker, which analyzes its links, urgency wording, and sender headers, and explains the risks in plain language.

What is phishing?

Phishing is a scam where attackers impersonate a trusted person or company to trick you into clicking a malicious link, entering a password, or sharing personal information. Cactus helps you spot these attempts before you act.

Does Cactus store the links or emails I check?

Cactus processes each check on the server to produce your result and doesn't require an account. See the Privacy page for exactly what each tool sends to third parties and what is kept.