← All guides

Is this link safe? How to check before you click

May 29, 2026 · 2 min read

A single click on the wrong link can hand over a password or install malware. Here is how to check a link before you trust it.

Why links are the #1 trick

Most online scams come down to one thing: getting you to click a link. The link might lead to a fake login page, a malware download, or a payment form for something that does not exist. Attackers are good at making links look legitimate - so a few seconds of checking pays off.

How to check a link before clicking

  1. Read the domain carefully. The important part is the domain right before the first single slash. In https://account.microsoft.com.security-check.ru/login, the real domain is security-check.ru, not Microsoft.
  2. Watch for look-alikes. Swapped letters (paypa1.com), extra words (apple-support.com), or odd endings (.help, .click, .zip) are red flags.
  3. Hover, do not click. On a computer, hover over the link to see the real destination at the bottom of the screen. On mobile, press and hold to preview it.
  4. Be wary of shortened links. bit.ly and similar hide the real destination. Expand them before trusting them.
  5. Check for HTTPS - but do not rely on it. A padlock means the connection is encrypted, not that the site is honest. Scammers use HTTPS too.

The fastest way: paste it into a checker

Reading domains takes practice. To get a clear answer fast, paste the link into our Link Checker. It follows redirects, flags look-alike and newly-registered domains, checks the link against threat-intelligence sources, and gives you a plain-language safety score - without you ever visiting the page.

If a link looks suspicious

  • Do not enter any information. No passwords, no card numbers, no codes.
  • Go direct instead. If the message claims to be from your bank, type the bank's address yourself or use its app.
  • Report it. Forward phishing to your email provider or IT team, then delete it.

Already clicked?

If you only opened the page, close it - you are likely fine. If you entered a password, change it right away (and anywhere you reused it), and turn on two-factor authentication. You can check whether that password has appeared in a breach with our Password Checker.

Slowing down for a few seconds before clicking is the simplest, most powerful security habit there is.

Try it yourself

Open the Link Checker

June 1, 2026

What is typosquatting? Look-alike domain scams explained

A zero instead of an "o", an extra word, a different ending - look-alike domains are built to catch you when you're moving fast. Here is how they work.

Read the guide

June 1, 2026

HTTP security headers explained (HSTS, CSP, and more)

Invisible to visitors but vital to safety: security headers tell your browser to refuse insecure connections and block risky scripts. Here is what each one does.

Read the guide

May 30, 2026

Your password was in a data breach: what to do now

A breach notification is unsettling, but the fix is straightforward. Here is exactly what to do - and how to stop it from mattering next time.

Read the guide