How do I quickly check whether a link or website is safe before clicking?
Use a combination of Google's Safe Browsing checker, your browser's built-in warnings, and the /risk-score/scam-risk-checker to assess unfamiliar URLs before you enter any personal or payment information.
Last reviewed: 10 June 2026
Explanation
Not every suspicious link needs a full investigation — a quick two-step check catches most malicious URLs before any harm is done. The first step is hovering over the link without clicking to see the actual destination URL in your browser's status bar. If the visible text says 'Click here to verify your account at PayPal' but the status bar shows an unrelated domain, the link is fraudulent.
For links you are genuinely uncertain about, Google's Safe Browsing transparency report (transparencyreport.google.com/safe-browsing/search) allows you to check any URL against Google's database of known malicious sites. Similarly, VirusTotal (virustotal.com) scans a URL against dozens of security engines simultaneously and flags known threats. These checks take under a minute and are free.
Browser-level protection has improved significantly. Chrome, Firefox, Safari, and Edge all have built-in phishing and malware warnings that flag known bad sites as you navigate to them. Keep these warnings enabled — some users inadvertently disable them. Adding a browser extension such as uBlock Origin also blocks a large proportion of known advertising and phishing domains automatically.
For the ScamEncyclopedia risk checker at /risk-score/scam-risk-checker, you can paste a URL and receive an automated assessment that checks domain age, registration details, known blacklists, and other signals associated with fraudulent sites. Combine this with your own assessment of whether the site is asking for information proportional to the service it claims to offer — a free news site has no reason to ask for your credit card number.
Common red flags
- Link text shows a trusted brand but the actual URL on hover shows a different domain
- URL contains unusual subdomains mimicking a brand: paypal.verify-account.com
- Shortened URL (bit.ly, tinyurl) from an unexpected message — the destination is hidden
- Browser warning appears when you try to navigate to the site
- URL uses HTTP rather than HTTPS for a site that handles personal information
- VirusTotal or Safe Browsing check returns a malicious or phishing verdict
What to do now
- Hover over every link before clicking to see the real destination URL
- Check unknown URLs at transparencyreport.google.com or virustotal.com
- Use the /risk-score/scam-risk-checker for a more detailed assessment
- Keep browser built-in phishing and malware warnings enabled
- Consider a browser extension like uBlock Origin for automatic blocking of known threats
- Never enter personal or payment information on a site your browser flags as unsafe
Frequently asked questions
Does HTTPS mean a link is safe to click?
No. HTTPS only means the connection between your browser and the server is encrypted. Phishing sites, malware distribution sites, and fraudulent stores all use HTTPS. It is a necessary but not sufficient indicator of safety.
Are URL shorteners automatically suspicious?
Not automatically — many legitimate links use shorteners for convenience. But a shortened URL in an unexpected message from an unknown contact is worth expanding before clicking. Use a URL expander service (urlexpander.io, expandurl.net) to see the destination before visiting.