How to Check if a Link is Safe Before Clicking

You received a link in an email, text message, or social media DM. It looks a bit suspicious — maybe it's shortened, maybe the domain looks unfamiliar. Should you click it?

Every day, millions of malicious links are sent via phishing emails, fake social media accounts, and compromised websites. Clicking the wrong link can lead to stolen credentials, malware infections, or financial fraud.

The good news: you can verify almost any link before clicking. Here are 6 methods to check if a link is safe.

Cybercriminals use malicious links to:

• Steal login credentials through fake login pages (phishing)
• Install malware that captures keystrokes or encrypts your files
• Redirect to scam sites that trick you into payments or personal info
• Compromise your accounts by hijacking sessions or cookies

Short links and unfamiliar domains make this worse — you can't see where you're going until it's too late.

The simplest check: hover your mouse over a link without clicking. Most browsers display the actual destination URL in the bottom-left corner of the window.

What to look for:

• Does the displayed URL match what you expect?
• Is there a domain mismatch? (e.g., the email says "PayPal" but the link goes to paypa1-secure.com)
• Are there suspicious subdomains? (e.g., paypal.malicious-site.com)

Limitation: This doesn't work on mobile devices, and some link shorteners hide the final destination.

Several free tools scan URLs against databases of known malicious sites:

How to use: Copy the suspicious link (right-click → "Copy link address"), paste it into the scanner, and review the results before visiting.

Shortened links (bit.ly, tinyurl.com, t.co, etc.) hide the destination. Before clicking, expand them to see where they actually go.

URL expander tools:

• CheckShortURL.com — Reveals the destination of most short links
• Unshorten.It — Shows full URL chain and safety rating
• GetLinkInfo.com — Provides detailed redirect analysis

Pro tip: Many legitimate shorteners (including Linkly) let you preview destinations. Add a + to the end of bit.ly links (e.g., bit.ly/abc123+) to see a preview page.

Train yourself to spot suspicious URL patterns:

Domain misspellings:

• arnazon.com instead of amazon.com
• paypa1.com (number 1 instead of letter l)
• g00gle.com (zeros instead of o's)

Suspicious subdomains:

• amazon.malicious-site.com — The actual domain is malicious-site.com, not Amazon
• secure-login.bank.suspicious.com — Legitimate banks don't do this

Missing HTTPS:

• While HTTPS alone doesn't guarantee safety, legitimate sites handling sensitive data should always use it
• Look for the padlock icon in your browser's address bar

Unusual TLDs:

• Be cautious of unfamiliar extensions like .xyz, .top, .buzz on supposedly legitimate business sites

Consider where the link came from:

Warning signs:

• Urgency: "Your account will be suspended in 24 hours!"
• Too good to be true: "You've won a $1,000 gift card!"
• Unexpected sender: A "friend" you haven't heard from in years
• Generic greeting: "Dear Customer" instead of your name
• Grammar/spelling errors in the message

Safer sources:

• Links from verified social media accounts
• URLs you typed yourself or bookmarked
• Links from known contacts about expected topics

Not all short links are suspicious. Reputable link shorteners provide transparency features:

What trustworthy shorteners offer:

• Destination previews — See where the link goes before clicking
• SSL encryption — Secure redirects that protect your data
• Spam monitoring — Active detection and blocking of malicious links
• Branded domains — Custom domains that show the source (e.g., yourbrand.com/offer instead of bit.ly/xyz)

Linkly, for example, provides full transparency: users can see the destination URL, and all links use HTTPS with active spam monitoring. Our anti-spam policy ensures malicious links are detected and removed.

Before clicking any link:

• Hover to preview the URL (on desktop)
• Check for domain misspellings or suspicious subdomains
• Verify HTTPS is present
• Consider the context — is this expected?
• For short links, use an expander tool
• When in doubt, go directly to the site by typing the URL yourself

If you accidentally clicked:

1. 1Don't enter any information — Close the page immediately
2. 2Disconnect from the internet — Prevents malware from communicating
3. 3Run a security scan — Use your antivirus software
4. 4Change passwords — Especially if you entered credentials on a fake site
5. 5Monitor accounts — Watch for unauthorized activity
6. 6Report the link — Submit to Google Safe Browsing or PhishTank

Verifying links before clicking takes seconds but can save you from identity theft, financial loss, and malware infections. Use the methods above to stay safe:

1. 1Hover to preview
2. 2Use URL scanners
3. 3Expand shortened links
4. 4Look for red flags
5. 5Consider the context
6. 6Trust only reputable shorteners

When sharing links yourself, use a trusted service like Linkly that provides branded domains, destination transparency, and active spam protection. Your recipients will thank you.

Need to share links people can trust? Use a free link shortener like Linkly with branded domains and active spam protection — no credit card required.