Browser & Web Basics

How to Check If a Website Link Looks Safe

How to look at a web link before you click it, and what signs suggest a link might not be safe.

By Alex Chen · Published May 23, 2026 · Updated June 7, 2026

A friend sends you a link in a chat message. Or you see a link in an email, a social media post, or a search result. You are not sure if it is safe to click. The link looks official, but something feels off.

You do not need to be a technical person to check a link. A few seconds of looking at the URL before you click can save you from visiting a fake website, downloading something harmful, or giving away your login information.

What to look at before you click

Every web link has a structure. Understanding the basics helps you spot problems.

A URL like https://www.example-store.com/product/12345 has these parts:

  • https:// — the protocol. “https” means the connection is encrypted. “http” (without the “s”) is less secure. Most legitimate sites use https.
  • www.example-store.com — the domain. This is the part that tells you which website you are visiting.
  • /product/12345 — the path. This is the specific page within the website.

The most important part is the domain. If the domain says “example-store.com,” you are on that store’s website. If the domain says “example-store-deals.xyz” or “examp1e-store-verify.com,” you are on a different site that is pretending to be the store.

Reading the URL: the parts that matter

The domain is the part right before the first single ”/”. Here are some examples:

  • https://www.payment-service.com/signin -> domain is payment-service.com
  • https://secure-payment-verify.com/signin -> domain is secure-payment-verify.com
  • https://www.example-store.com/cart -> domain is example-store.com
  • https://example-store.cart-checkout.net/cart -> domain is cart-checkout.net

The trick is that the real domain is always the part right before the .com, .org, .net, or other top-level domain. “payment-verify.com” is not the same as a real payment service — it is a different site using a similar-looking name.

A common trick is to put a familiar company name earlier in the URL to make it look legitimate. For example, https://payment-service.secure-login.xyz/ is not the payment service’s website — the domain is secure-login.xyz.

The domain does not match the company. If the link claims to be from your bank but the domain is not your bank’s website, do not click it.

The URL has unusual characters. Some fake sites use characters from other alphabets that look like English letters. If a URL looks slightly odd — like “аpple.com” where the “a” is actually a different character — be suspicious.

The link was sent unexpectedly. If you receive a link from a friend that seems out of character — like “Check out this amazing deal!” with no context — their account might have been compromised. Ask them about it before clicking.

The link promises something too good to be true. Free gift cards, unbelievable discounts, or urgent warnings about your account are common tactics to get you to click.

The link is shortened. Services like bit.ly or tinyurl.com shorten long URLs into short ones. This is convenient, but it also hides the real destination. If someone sends you a shortened link and you are not sure where it goes, be cautious — you cannot see the real domain until you click. If you do not trust the source, do not click it.

What to do if you are not sure

If a link looks suspicious, do not click it. Instead:

Go directly to the website. If the link claims to be from a store, bank, or payment service you use, open your browser and type the website address yourself. Log in there and check if there are any alerts or issues with your account.

Ask the person who sent it. If a friend or colleague sent the link, ask them about it. “Did you just send me a link? What is it for?” If their account was compromised, they will want to know.

Search for the company’s real website. If you are not sure whether a link is legitimate, search for the company’s name in a search engine and use the link from the search results instead.

Links in emails deserve extra scrutiny. Even if an email looks like it comes from a company you use, the sender address can be faked. The link in the email is the most reliable way to check — if the link goes to a domain that does not match the company, the email is not legitimate.

Before clicking a link in an email:

  1. Hover over the link (without clicking) to see where it actually goes
  2. Check that the domain matches the company’s real website
  3. If anything seems off, go to the website directly instead of clicking the link

This takes five seconds and can prevent you from visiting a fake site.

A

Alex Chen

Alex writes practical guides for everyday digital tasks.

Keep Reading

More from Browser & Web Basics

Browser & Web Basics

How to Bookmark Important Web Pages

How to save web pages you want to come back to, organize your bookmarks so you can actually find things, and avoid bookmarking everything.
Browser & Web Basics

How to Make Text Easier to Read on a Screen

Simple ways to make web pages and documents easier to read on your computer, phone, or tablet, without installing anything.
Browser & Web Basics

How to Clear Your Browser Downloads List

How to clear the list of downloaded files in your browser, what clearing it actually does, and how to find the files on your computer.
Browser & Web Basics

How to Save a Web Page as a PDF

How to save a copy of any web page as a PDF file, and when it makes sense to save a page instead of bookmarking it.