Devices and HardwareGamingSecurity and PrivacyContact UsAbout Us

How to See If a Link Is Safe Before You Click

Clicking an unknown link is one of the easiest ways to end up on a phishing site, trigger a malware download, or hand over your credentials to a scammer. The good news is that checking a link before you click it is entirely doable — and doesn't require advanced technical skills. The tricky part is knowing which method fits your situation, because the tools and signals that matter most vary significantly depending on how you're browsing, what you're trying to protect, and how much risk tolerance you have.

Why Links Can Be Dangerous

A URL is just an address — but that address can be disguised, shortened, or deliberately misleading. A link might look legitimate at a glance while actually pointing somewhere completely different. Common threats include:

  • Phishing sites — fake pages designed to look like real login screens (banks, email providers, social platforms)
  • Drive-by downloads — pages that automatically push malware to your device when loaded
  • Redirect chains — links that pass through multiple domains before landing somewhere harmful
  • Typosquatting — URLs that closely mimic trusted domains with subtle misspellings (e.g., paypa1.com instead of paypal.com)

Understanding what you're looking for is the first step before reaching for any tool.

Read the URL Itself First 🔍

Before using any external checker, look at the raw link. Most browsers and email clients let you hover over a link to see the actual destination in the status bar at the bottom of the screen.

Key things to inspect:

  • The domain name — the real destination is the part immediately before the first single slash (e.g., in secure.login.fakebank.com/verify, the actual domain is fakebank.com, not secure.login)
  • HTTPS vs HTTP — HTTPS means the connection is encrypted, but it does not mean the site is trustworthy. Fraudulent sites use HTTPS too
  • Shortened URLs — services like bit.ly, tinyurl.com, or t.co completely hide the destination. These always warrant extra scrutiny
  • Unusual characters or hyphens — legitimate company domains rarely need hyphens or appended words like -secure, -login, or -verify

Use a Link-Checking Tool

Several free tools let you submit a URL and get a safety assessment before visiting it.

ToolWhat It Checks
Google Safe Browsing (via transparencyreport.google.com/safe-browsing/search)Known malware and phishing sites in Google's database
VirusTotal (virustotal.com)Scans the URL against 70+ security vendor databases simultaneously
URLScan.ioRenders the page in a sandbox and shows you what it loads, including redirects and scripts
Norton Safe WebReputation-based assessment using Norton's threat intelligence
CheckPhishSpecifically tuned for detecting phishing pages

VirusTotal is generally the most comprehensive for a quick multi-vendor check. URLScan.io is particularly useful when you want to see what a page actually does without visiting it yourself — it screenshots the page and logs all network requests.

One important caveat: these databases are updated continuously but are never exhaustive. A newly created malicious site may not yet appear as flagged. A clean result reduces risk but doesn't eliminate it.

Expand Shortened Links

If a link uses a URL shortener, you can preview the destination before following it:

  • Add a + to the end of most Bitly links (e.g., bit.ly/examplelink+) to see the destination and stats
  • Use GetLinkInfo.com or UnshortenIt to expand any shortened URL into its full destination
  • Some browser extensions automatically expand shortened links on hover

Once you can see the full URL, apply the same inspection steps described above.

Check Your Browser's Built-In Protections

Most modern browsers include real-time phishing and malware protection:

  • Google Chrome uses Google Safe Browsing, with an "Enhanced Protection" mode that provides more aggressive real-time checks
  • Mozilla Firefox also uses Google Safe Browsing by default
  • Microsoft Edge includes Microsoft Defender SmartScreen, which checks URLs against Microsoft's threat intelligence
  • Safari uses Google Safe Browsing on iOS and macOS (with some privacy-preserving modifications on Apple platforms)

These protections work in the background and will warn you before loading a flagged page. However, they rely on databases of known threats — zero-day phishing sites created in the last few hours may not yet be indexed.

Consider the Context the Link Arrived In 🚨

The channel through which a link reaches you is one of the most reliable risk signals:

  • Unsolicited emails asking you to log in, verify your account, or claim something — treat these as high risk regardless of how official they look
  • Direct messages from people you know on social platforms — accounts get compromised; your friend may not have actually sent that link
  • SMS links claiming to be from delivery services, banks, or government agencies — a very common phishing vector
  • Links in comment sections, forums, or social posts — lower barrier to posting means higher likelihood of spam or malware

Even links from trusted sources can be problematic if those sources have been compromised. Context reduces but doesn't eliminate risk.

What Security Software Adds

Antivirus and endpoint security tools with web filtering modules add another layer by intercepting link resolution at the network level. This means even if you accidentally click a bad link, the software can block the connection before your browser fully loads the page. Browser extensions from security vendors can also provide real-time link reputation scores directly in search results or email views.

The effectiveness of this layer depends heavily on how current the software's definitions are, which operating system you're on, and whether web protection is actually enabled — it's often not turned on by default in every configuration.

The Factors That Determine Your Actual Risk

No single tool or method is sufficient on its own. How much protection you need — and which approach is most practical — depends on factors specific to your situation:

  • Your device and OS — mobile browsers have fewer extension options than desktop; iOS has different security architecture than Android
  • Where you encounter links most often — email, social media, SMS, and the web each have different risk profiles and different available tools
  • Your technical comfort level — some tools (like URLScan.io) surface detailed technical information that's only useful if you know how to interpret it
  • What you're protecting — someone with access to sensitive financial or business accounts has a meaningfully higher reason to verify carefully than someone casually browsing

The same link, checked by two people with different setups and habits, can represent very different levels of practical risk.