Mouse over on the hyperlink will show you the intended web address to reach.
Traditionally, this is used to understand what web site will be visited. However, this “defense” mindset has to be changed. The displayed link should not be trusted because it can be masqueraded.
All the demo URL should be non-reachable as there are no such Domain Names registered. To limit malicious people registering my demo URL to launch real attack, the .gov gTLD is chosen.
It is no harm to click below but not in other unknown sources.
Are you reaching the expected “www.trusted-site.gov” as seen via mouse over?
Here, implicit assumptions made are:
1. Public DNS is not poisoned. If it does, the attack will also be in other trusted sites and not only this specific phishing target.
2. Local host table isn’t compromised. If attacker is able to reach the system folder to modify the host table, there is no point to launch phishing attack (require victim to click the link) like this. Attacker has already taken control of the computer and can do anything at wish.