How to tell if a link is safe before you click it

Someone sends you a link. Maybe it's a text, an email, or a message in a group chat. Something feels off - the wording is slightly strange, the sender seems to be in a hurry, or the link just doesn't look right.

Here's what to check before you click.

---

Why it matters

Most scams start with a link. Click the wrong one and you could end up on a fake site that steals your passwords or payment details, or trigger a download that puts malware on your device.

Most malicious links have tells. You just need to know where to look.

---

Look at the link before you click

If you can see the URL in an email, text, or message, read it carefully before tapping. The domain is the core part - in www.example.com/page, the domain is example.com. That's what to focus on.

Scammers use a few reliable tricks:

• Typosquatting - registering a domain that looks like a real one at a glance: arnazon.com, paypa1.com, halifax-secure.com
• Brand-wrapping - putting a real name inside extra words: amazon-security-alert.com is not Amazon; a genuine Amazon link lives on amazon.com or a recognised regional variant
• Odd extensions - .xyz, .top, .click, .ru appearing in links that claim to be from UK companies or government services
• Random-looking strings - if a link looks like xk92-verify.net/a8s3, it's not a real service

Also check the protocol. A link starting with http:// rather than https:// means the connection isn't encrypted. Legitimate banks, retailers, and government sites always use https:// - it's not automatically a scam, but it's a warning sign on any page asking for your details.

---

Think about the context

Before you click, ask yourself:

• Were you expecting this message?
• Does the sender's address or number match who they claim to be?
• Is it creating urgency - "Act now", "Your account will be suspended", "You have 24 hours"?
• Is it asking you to log in, pay something, or confirm personal details?

Scammers rely on panic. A real bank, parcel company, or government department won't send you a link demanding immediate action under threat of losing your account or your money. If the message came out of nowhere and wants you to do something fast, slow down.

---

Check the link with a tool

Even if a link looks plausible, run it through a URL checker before visiting. These tools check the domain against databases of known scam sites, phishing campaigns, and malicious URLs.

SniffTest runs a URL through 17 checks - including Google Safe Browsing, domain age, and blocklists - and returns a plain-English verdict in seconds. It's free and doesn't store the URLs you check.

VirusTotal is another option, checking against a wider set of security databases, though the output is more technical.

---

If you're still not sure, go directly

If a link claims to be from your bank, HMRC, Royal Mail, or any organisation you have an account with, don't click it at all. Open a new tab, go directly to the official site you already know (type it yourself, or use a saved bookmark) and check whether there's actually anything to deal with. If there isn't, the message was a scam.

---

If you already clicked

If you clicked but didn't enter anything - you're probably fine. Close the tab, run the URL through SniffTest, and if the link came from someone you know, let them know their account may have been compromised.

If you entered a password or payment details - move quickly:

1. Change the password on any account using the same credentials
2. Contact your bank to monitor for unusual activity or freeze your card
3. Report the phishing attempt to the NCSC at report.ncsc.gov.uk (UK) or the Anti-Phishing Working Group at reportphishing@apwg.org (US)

---

Before you click: a quick checklist

Run through these before tapping any link you're unsure about:

1. Does the domain look exactly right, with no extra words, typos, or numbers?
2. Does it start with https://?
3. Were you expecting this message from this sender?
4. Is it creating urgency or asking you to act immediately?
5. Have you run it through a checker?

If any of those give you pause, don't click. Check first.

---

Frequently asked questions

Q: How can I check if a link is safe without clicking it?

A: Copy the link (without clicking it) and paste it into SniffTest at doasnifftest.com. It runs 17 checks including Google Safe Browsing and domain age and gives you a plain-English verdict in seconds. On mobile, press and hold the link to copy it without opening it.

Q: Is it safe to click a link in a text message?

A: Not without checking it first. Smishing - phishing via SMS - is one of the most common scam methods. Legitimate organisations rarely send unsolicited texts with links. If you get one, copy the link and run it through SniffTest, or go directly to the organisation's official site without clicking the link at all.

Q: What does a phishing link look like?

A: Phishing links are designed to look like legitimate ones at a glance. Common patterns include typosquatting (arnazon.com, paypa1.com), brand names wrapped in extra words (amazon-security-alert.com), unusual extensions (.xyz, .top, .click), and random-looking strings like xk92-verify.net. The safest habit is to read the full domain - not just the start - before clicking anything.

Q: I already clicked a suspicious link. What should I do?

A: If you clicked but didn't enter any information, you are likely fine. Close the tab and run the URL through SniffTest to check. If you entered a password, change it on every site where you use the same credentials. If you entered payment details, contact your bank immediately. Report the link to the NCSC (report.ncsc.gov.uk) in the UK or the FTC (reportfraud.ftc.gov) in the US.

Q: Can a link be dangerous even if it has HTTPS?

A: Yes. HTTPS only means the connection between your browser and the site is encrypted - it says nothing about whether the site itself is trustworthy. Scammers routinely get HTTPS certificates for fake sites. Always check the full domain name, not just whether there's a padlock.