How to Check if a Link Is Safe Before Clicking: The Complete 2026 Guide

Every day, billions of links flow through email inboxes, text messages, and social media feeds. Some lead exactly where they promise. Others lead to phishing pages, malware downloads, or scam sites designed to steal your money and identity. Knowing how to check if a link is safe before clicking is no longer an optional skill — it is a baseline part of staying secure online.

This guide walks you through every reliable method security professionals use to verify links, including free online scanners, browser-based checks, and visual red flags that expose malicious URLs in seconds.

What Does It Mean for a Link to Be "Safe"?

A safe link is one that leads to its stated destination, uses encrypted transport (HTTPS), is not hosted on a domain associated with phishing or malware, and does not silently download files or execute scripts intended to harm you. Verifying safety means confirming these conditions before the page loads in your browser.

Unsafe links typically fall into one of these categories:

• Phishing links — clones of legitimate login pages that capture your credentials.
• Malware delivery links — pages that drop trojans, ransomware, or spyware.
• Scam links — fake prize, romance, or investment pages.
• Tracking/redirect chains — links that pass you through multiple servers harvesting data.
• Typosquatting — domains like "paypa1.com" or "arnaz0n.com" imitating real brands.

7 Quick Ways to Check if a Link Is Safe

Here is a fast checklist you can run through in under a minute before clicking any suspicious URL.

1. Hover before you click. On desktop, hovering over a link shows the real destination in the bottom-left corner of your browser. On mobile, press and hold the link to preview the URL.
2. Inspect the domain carefully. Look at the part right before the first single slash. "secure-login.paypal.com" is PayPal. "paypal.secure-login.com" is not.
3. Check for HTTPS. The padlock means the connection is encrypted — it does not mean the site is trustworthy, but its absence is a strong red flag.
4. Run it through a URL scanner. Tools like VirusTotal, URLVoid, or Google Safe Browsing analyze the link against dozens of threat databases.
5. Expand shortened links. Use a link expander to see the final destination before you visit.
6. Look for spelling errors. Misspelled brand names, extra hyphens, and odd top-level domains (.xyz, .top, .click) often signal scams.
7. Verify the sender. If the link arrived by email or DM, confirm the message is genuinely from the person or organization it claims to be from.

How to Read a URL Like a Security Analyst

Understanding URL structure is the single most useful skill for evaluating links. A URL has predictable parts, and attackers exploit the parts most people misread.

The Anatomy of a URL

Take this example: https://accounts.google.com/signin?next=mail

• https:// — the protocol (encrypted).
• accounts — a subdomain.
• google.com — the registered domain (this is what really matters).
• /signin — the path.
• ?next=mail — query parameters.

Attackers love to disguise their domain inside subdomains or paths. A link like https://google.com.account-verify.ru/login is not Google — the real domain is account-verify.ru. Always read from right to left, stopping at the first single slash.

Common Tricks Attackers Use

Trick	Example	What's Wrong
Subdomain spoof	apple.com.login-secure.net	Real domain is login-secure.net
Typosquat	microsft.com	Missing letter in "microsoft"
Homograph	аpple.com (Cyrillic "а")	Different alphabet, identical look
Wrong TLD	amazon-support.help	Amazon uses .com, not .help
Excessive hyphens	secure-paypal-login-now.com	Legit brands rarely chain hyphens

The Best Free Tools to Scan a Link

When in doubt, run the URL through an automated scanner. These services compare the link against millions of known malicious sites and often perform live analysis.

1. Google Safe Browsing

Google maintains one of the largest lists of unsafe sites on the internet. Visit transparencyreport.google.com/safe-browsing/search, paste the URL, and get an instant verdict. Chrome, Firefox, and Safari all use this database in the background.

2. VirusTotal

VirusTotal scans the URL using more than 70 antivirus engines and threat intelligence services. Paste the link at virustotal.com/gui/home/url and review the results. Even if just two or three engines flag the URL, treat it as suspicious.

3. URLVoid and URLScan.io

URLVoid checks reputation across dozens of blocklists. URLScan.io goes further — it loads the page in a sandbox, takes a screenshot, and reveals every script, redirect, and connection the site attempts. This is what professional analysts use.

4. PhishTank

A community-driven database of confirmed phishing URLs. Especially useful for checking links that mimic banking and email providers.

Quick Comparison

Tool	Best For	Speed	Depth
Google Safe Browsing	Quick yes/no check	Instant	Low
VirusTotal	Multi-engine consensus	10–30 sec	High
URLScan.io	Full behavioral analysis	30–60 sec	Very high
PhishTank	Phishing-specific lookup	Instant	Medium

How to Safely Check Shortened Links

Shortened links from services like bit.ly, t.co, tinyurl, or branded shorteners hide the destination by design. That convenience cuts both ways: legitimate marketers use them for cleaner sharing, while scammers use them to mask phishing pages.

To reveal the real destination without visiting the page:

1. Use a link expander. Sites like CheckShortURL, Unshorten.it, or GetLinkInfo follow every redirect and show you the final URL plus any warnings.
2. Add a preview character. For bit.ly links, add a "+" to the end (e.g. bit.ly/abc123+) to see a preview page instead of redirecting.
3. Choose trustworthy shorteners. Reputable services actively block malware, scan destinations, and remove abusive links. Privacy-focused shorteners like Lunyb apply automated safety checks before generating short URLs, which reduces the chance of malicious links being served through the platform.

If you're choosing a shortener for your own links, our 2026 buyer's guide to URL shorteners compares safety features, analytics, and pricing across the top providers.

Red Flags That Should Always Make You Pause

Even without tools, certain signals strongly suggest a link is unsafe. Train your eye to spot these patterns:

• Urgency or threats. "Your account will be closed in 24 hours — click here." Real companies do not work this way.
• Unexpected attachments or login pages. If you didn't ask for a password reset, don't click the password reset link.
• Mismatch between display text and actual URL. The link says "www.bankofamerica.com" but hovering reveals something else.
• Random characters in the path. URLs full of long encoded strings ("/aHR0cHM6Ly9z...") are often used to hide redirects.
• Unusual top-level domains. Major brands almost never communicate from .zip, .mov, .click, or .tk domains.
• Public IP addresses instead of domains. A link like http://192.168.4.22/login is a major warning sign.
• Free hosting subdomains. Banks do not host login pages on free hosting platforms.

How to Check Links on Mobile Devices

Mobile is where most phishing succeeds, because small screens hide the full URL and users tap reflexively. Use these techniques on phones and tablets.

On iPhone (Safari)

Press and hold any link. A preview card appears showing the full destination URL and a snapshot of the page. Release without tapping if anything looks off.

On Android (Chrome)

Long-press the link, then choose "Copy link address." Paste it into a notes app to read the full URL before deciding to visit.

In Messaging Apps

WhatsApp, Telegram, and SMS apps often expand previews automatically — but previews can be spoofed. Always treat unsolicited links from unknown numbers as hostile until proven otherwise.

Browser and Network Protections You Should Enable

Beyond manual checks, layered defenses catch threats you might miss. Set these up once and they protect every click.

1. Turn on Enhanced Safe Browsing in Chrome or Firefox's strict tracking protection. Both proactively warn you about dangerous sites.
2. Use encrypted DNS like Cloudflare's 1.1.1.1 or Quad9 (9.9.9.9). These resolvers block known malicious domains at the network level before your browser ever connects.
3. Install a reputable browser extension such as Bitdefender TrafficLight, Malwarebytes Browser Guard, or uBlock Origin. They flag risky links inside search results and social feeds.
4. Keep your browser updated. Most malicious links rely on exploits patched months ago.
5. Enable two-factor authentication on every important account. Even if you accidentally enter credentials on a phishing site, 2FA blocks most takeover attempts.

What to Do if You Already Clicked a Suspicious Link

Mistakes happen. If you clicked something you shouldn't have, act fast — the next 30 minutes matter most.

1. Disconnect from the internet if a file started downloading or the page tried to install something.
2. Do not enter any credentials if a login page appeared. Close the tab.
3. Run a full antivirus scan with your built-in tool (Windows Defender, XProtect) and a second opinion scanner like Malwarebytes.
4. Change passwords for any accounts you may have exposed, starting with email and banking. Use a password manager to generate unique replacements.
5. Enable 2FA on anything that doesn't already have it.
6. Monitor your accounts for unusual activity for the next 30 days. Check bank statements, login history, and email forwarding rules.
7. Report the link to Google Safe Browsing, PhishTank, or the impersonated brand so others are protected.

Building a Habit of Safer Clicking

Tools help, but habits protect you. Three rules cover most situations:

• Pause before clicking links in unexpected messages — even from people you know, because their accounts may be compromised.
• Type sensitive URLs manually for banking, email, and government services rather than following links.
• Bookmark trusted sites and use those bookmarks instead of clicking through search results, which can be poisoned with malicious ads.

For organizations sharing links at scale, choosing the right shortening platform matters too. Read our Rebrandly review and our honest review of Lunyb for comparisons of how leading shorteners handle link safety and abuse detection.

Frequently Asked Questions

Is a link with HTTPS always safe?

No. HTTPS only means the connection between you and the website is encrypted — it doesn't say anything about who runs the site. Phishing pages routinely use free HTTPS certificates. Always check the domain itself, not just the padlock.

What is the fastest way to check a single suspicious link?

Paste it into VirusTotal at virustotal.com. Within seconds, it shows whether any of 70+ security engines have flagged the URL. For shortened links, expand them first using a service like CheckShortURL.

Can I get hacked just by clicking a link without entering anything?

It's rare but possible. Most attacks still require you to enter credentials or download a file. However, drive-by exploits targeting outdated browsers do exist, which is why keeping your browser and operating system updated is critical.

Are shortened links inherently dangerous?

No — they're a neutral tool used by both marketers and scammers. The risk comes from the hidden destination. Use a link expander to reveal the final URL, and prefer shorteners with built-in malware scanning and abuse reporting.

How do I report a malicious link?

Report phishing URLs to Google Safe Browsing (google.com/safebrowsing/report_phish), PhishTank (phishtank.org), and the brand being impersonated (most banks have a phishing@ address). If the link came through a shortener, report it to that service so they can disable it.