facebook-pixel

How to Check if a Link Is Safe Before Clicking: The Complete 2026 Guide

L
Lunyb Security Team
··9 min read

Every day, billions of links travel through emails, text messages, social feeds, and chat apps. Most are harmless, but a growing share lead to phishing pages, malware downloads, or scams designed to steal your money and identity. Knowing how to check if a link is safe before clicking is one of the most valuable digital skills you can develop in 2026.

This guide walks you through the exact process security professionals use to vet suspicious URLs, including free tools, manual inspection techniques, and warning signs that should make you close the tab immediately.

Why Checking Links Before Clicking Matters

A malicious link can compromise your device in a single click. Modern phishing pages replicate the look of banks, delivery services, and social platforms with pixel-perfect accuracy, tricking even cautious users into handing over credentials.

According to industry reports, phishing accounts for more than 36% of all data breaches, and shortened or disguised URLs are one of the top delivery methods. The good news: with a few quick checks, you can spot the vast majority of dangerous links in under a minute.

Common Risks of Clicking Unsafe Links

  • Credential theft: Fake login pages capture your usernames and passwords.
  • Malware installation: Drive-by downloads infect your device with ransomware, spyware, or keyloggers.
  • Financial fraud: Fake payment portals steal card details or trigger unauthorized transactions.
  • Session hijacking: Malicious scripts steal cookies and take over your accounts.
  • Identity theft: Personal information collected through fake forms is sold or exploited.

How to Check if a Link Is Safe: The 7-Step Method

Follow these seven steps in order. Most safe-looking links pass all checks in seconds, while suspicious ones will fail at least one.

  1. Hover before you click. On desktop, hover your cursor over the link to reveal the true destination in the bottom-left corner of your browser. On mobile, long-press the link to preview the URL.
  2. Inspect the domain carefully. Look at the part immediately before the first single slash (/). "paypal-secure.com" is not the same as "paypal.com."
  3. Check for HTTPS and the padlock. While HTTPS alone doesn't mean a site is safe, its absence on a login page is a red flag.
  4. Run the URL through a link scanner. Tools like Google Safe Browsing, VirusTotal, and URLVoid check the link against threat databases.
  5. Expand shortened links. Use an unshortener service to see the full destination before visiting.
  6. Look for typos and odd characters. Homograph attacks use Cyrillic or accented letters to mimic real domains.
  7. Consider the context. Was the link unexpected? Does the sender's message tone feel off? Trust your instincts.

Free Tools to Scan Suspicious Links

Link scanners compare URLs against constantly updated databases of known phishing, malware, and scam sites. Using two or three scanners together gives you the most reliable verdict.

Top Link-Checking Services in 2026

ToolBest ForCostKey Feature
Google Safe BrowsingQuick reputation checkFreePowers most browser warnings
VirusTotalDeep multi-engine scanFreeChecks 70+ antivirus engines
URLVoidDomain reputationFreeAggregates 30+ blocklists
PhishTankVerified phishing URLsFreeCommunity-verified database
Norton Safe WebConsumer-friendly ratingFreeSimple safety score
Sucuri SiteCheckMalware & blacklist scanFreeDetects injected malware

How to Use VirusTotal in 30 Seconds

  1. Visit virustotal.com.
  2. Click the "URL" tab.
  3. Paste the suspicious link and press Enter.
  4. Review the detection results. If more than one or two engines flag it, avoid the link entirely.
  5. Check the "Details" and "Community" tabs for additional context.

How to Read a URL Like a Security Analyst

Reading a URL correctly is the single most useful skill for spotting fake links. Every URL has predictable parts, and attackers exploit the ones people misread.

Anatomy of a URL

Consider this example: https://accounts.google.com/signin?next=/profile

  • Protocol: https://
  • Subdomain: accounts
  • Root domain: google.com (this is what matters most)
  • Path: /signin
  • Query string: ?next=/profile

The root domain is the last two segments before the first single slash. Attackers try to hide the real root domain by burying it inside subdomains or paths. For example, google.com.security-check.ru/login is actually on the domain security-check.ru, not Google.

Warning Signs in a URL

  • Misspellings like "amaz0n.com" or "faceb00k.com"
  • Extra words attached to brand names ("apple-support-team.com")
  • Unusual top-level domains for a major brand (".xyz", ".top", ".click")
  • Long strings of random characters
  • Excessive subdomains ("login.secure.verify.bank.example.com")
  • Non-Latin characters mixed with Latin ones (homograph attacks)
  • IP addresses instead of domain names (e.g., http://192.168.1.5/login)

Dealing With Shortened Links

URL shorteners are convenient and widely used for legitimate purposes like sharing on social media, tracking marketing campaigns, and making links memorable. However, they can also hide malicious destinations, so it's worth expanding unfamiliar short links before clicking.

Reputable shortening services publish clear terms of use, actively police abuse, and often include click analytics that legitimate marketers rely on. Platforms like Lunyb and other trusted providers maintain safety systems to detect and remove malicious links. If you're evaluating shorteners for your own use, our 2026 buyer's guide compares the top options.

How to Expand a Short Link Safely

  1. Copy the shortened URL without clicking it.
  2. Paste it into an unshortener tool such as CheckShortURL, Unshorten.it, or ExpandURL.
  3. Review the full destination URL that appears.
  4. Run that expanded URL through VirusTotal or Google Safe Browsing.
  5. Only then decide whether to visit it.

Popular Short-Link Domains

Recognizing legitimate shortener domains helps you gauge risk. Common examples include bit.ly, t.co (Twitter/X), tinyurl.com, rebrand.ly, and lunyb.com. For a deeper look at established services, see our Rebrandly review.

Mobile-Specific Link Safety Tips

Mobile devices make link checking harder because URLs are truncated in messaging apps and email clients. Attackers know this and increasingly target smartphones.

Best Practices on Mobile

  • Long-press to preview. On iOS and Android, holding a link reveals the full URL and options like "Copy Link."
  • Copy first, inspect second. Paste the copied link into a notes app to see the full string.
  • Enable built-in scam warnings. iOS Message Filtering and Android Messages spam protection catch many phishing texts automatically.
  • Never enter credentials from an SMS link. If a text claims to be from your bank, open the bank's app directly instead.
  • Avoid installing profiles or certificates requested by an unfamiliar site.

Red Flags That Should Stop You Immediately

Certain signals almost always indicate a malicious link. If you see any of these, close the page and delete the message.

Message-Level Red Flags

  • Urgent language: "Your account will be closed in 24 hours!"
  • Unexpected package delivery notifications
  • Requests for passwords, PINs, or 2FA codes
  • Offers that are too good to be true (lottery, crypto giveaways)
  • Threats of legal action or arrest
  • Messages from a familiar name but unusual writing style

Page-Level Red Flags

  • Login form on a page with no HTTPS
  • Pop-ups claiming your device is infected
  • Requests to download an "update" or "security tool"
  • Broken images, poor grammar, or misaligned layouts on brand pages
  • Redirects through multiple domains
  • Browser warnings you're tempted to override

Building Long-Term Link Safety Habits

Tools help, but habits protect you. Security professionals rely on a small number of consistent behaviors that dramatically reduce risk.

The Five Habits That Prevent Most Attacks

  1. Never click login links from email. Type the address directly or use a bookmark.
  2. Enable two-factor authentication on every important account so a stolen password isn't enough.
  3. Keep your browser and OS updated. Most drive-by downloads exploit patched vulnerabilities.
  4. Use a password manager. It refuses to autofill on look-alike domains, which is a powerful phishing detector.
  5. Use encrypted DNS (like Cloudflare 1.1.1.1 or Quad9 9.9.9.9) to block known malicious domains at the network level.

What to Do If You Already Clicked

  1. Disconnect from the internet immediately.
  2. Do not enter any credentials or download any files.
  3. Close the tab and clear your browser cache.
  4. Run a full antivirus and anti-malware scan.
  5. Change passwords for any account you might have exposed, starting with email.
  6. Enable 2FA on those accounts if you haven't already.
  7. Monitor your bank and credit card statements for the next 30 days.
  8. If work-related, report the incident to your IT team immediately.

Quick Reference: Safe vs. Suspicious Link Comparison

CharacteristicSafe LinkSuspicious Link
Domain spellingExact brand matchMisspelled or extra words
ProtocolHTTPS with valid certificateHTTP or expired certificate
Sender contextExpected, matches historyUnexpected or urgent
URL structureClean, readable pathRandom strings, many redirects
Scanner resultsClean on VirusTotalOne or more detections
Landing pageMatches brand design exactlyOff-brand fonts, broken elements

Frequently Asked Questions

Is HTTPS enough to prove a link is safe?

No. HTTPS only means the connection is encrypted, not that the site is trustworthy. Attackers routinely obtain free SSL certificates for phishing sites, so a padlock in the address bar is necessary but not sufficient. Always verify the domain itself before entering any information.

Are shortened links inherently dangerous?

Not at all. URL shorteners are widely used by legitimate businesses, journalists, and marketers to create clean, trackable links. The risk comes from not knowing the final destination. Reputable services actively monitor for abuse, and you can always expand a short link with a free unshortener before clicking. For a full comparison of trusted providers, see our best URL shorteners guide.

What's the fastest way to check a link on my phone?

Long-press the link to preview the full URL, then copy it. Paste it into Google Safe Browsing (transparencyreport.google.com/safe-browsing/search) or VirusTotal's mobile-friendly site. The whole process takes under 30 seconds and works on any modern smartphone browser.

Can antivirus software catch every malicious link?

No security tool catches everything. Antivirus and browser filters block known threats, but new phishing pages appear by the thousands each day and often stay live long enough to catch victims before being blacklisted. Combining automated tools with manual URL inspection is the most reliable defense.

What should I do if a link came from a friend but looks suspicious?

Assume their account may be compromised. Contact them through a different channel (phone call, in person, or a different app) to confirm they actually sent it. Do not reply through the same channel, since an attacker controlling the account will simply say "yes, it's safe." Meanwhile, don't click the link.

Final Thoughts

Knowing how to check if a link is safe before clicking is a skill that pays off every single day online. The seven-step method, combined with two or three trusted scanners and a few strong habits, will protect you against the overwhelming majority of phishing and malware attempts you'll ever encounter.

The core principle is simple: slow down for two seconds. Attackers rely on urgency and reflex clicks. When you pause, hover, and verify, you take away their biggest weapon. Bookmark this guide, share it with less technical friends and family, and make link inspection an automatic part of how you use the internet.

Protect your links with Lunyb

Create secure, trackable short links and QR codes in seconds.

Get Started Free

Related Articles