via Krebs on Security
"Savvy readers here no doubt already know this, but to find the true domain referenced in a link, look to the right of “http(s)://” until you encounter the first backward slash (/). The domain directly to the left of that first slash is the true destination; anything that precedes the second dot to the left of that first slash is a subdomain and should be ignored for the purposes of determining the true domain name."
"For instance, in the case of the imaginary link below, example.com is the true destination, not apple.com: https://www.apple.com.example.com/findmyphone/" more
Double checking links before clicking can save you from sleeping with the phishers. Hover over links, but don't click, to see where you might be going.