How to Check If a Link Is Safe Before You Click

Short answer: you can almost always tell whether a link is safe before clicking it — by reading the real web address it points to. The visible text and the actual destination are two different things, and scammers count on you trusting the words instead of checking the address.

Here's how to preview any link, read a URL like a pro, and verify a link without ever opening it.

Quick check: Hover (desktop) or long-press (mobile) a link to reveal its true destination. Read the domain right-to-left to find who really owns it. When in doubt, don't click — go to the site directly.

Step 1: Preview where the link actually goes

The link text can say anything; the destination is what matters.

• On a computer: hover your mouse over the link without clicking. The real URL appears at the bottom of the window or as a tooltip.
• On a phone: press and hold the link. A preview pops up showing the full address (then tap "Cancel" or release outside it).
• In an email: be extra careful with buttons — "Verify" or "Log in" buttons hide their destination just like text links.

If the previewed address isn't what you expect, stop there.

Step 2: Read the URL right-to-left

The true owner of a web address is the part just before the first single slash — and you find it by reading the domain backward to the top-level ending (.com, .org, .net).

• paypal.com/login → owned by paypal.com. Fine.
• paypal.com.secure-login.net → owned by secure-login.net, not PayPal. The "paypal.com" is just a subdomain to fool you.
• paypa1.com → a look-alike using the number "1" for the letter "l".
• account-paypal-verify.com → none of the added words make it PayPal.

When the real domain isn't the company's actual one, the link is unsafe.

Step 3: Watch for common disguises

• Look-alike characters — rn for m, 0 for o, 1 for l.
• Extra words or hyphens — apple-support-billing.com.
• Shortened links (bit.ly and similar) that hide the destination — preview or expand them before trusting.
• QR codes, which are just links you can't read — preview the URL after scanning. See QR code scams (quishing).

Step 4: Check a link without clicking it

If you want a second opinion before opening anything:

• Use a reputable URL/link checker to scan the address (paste it in rather than clicking it live).
• Search for the domain plus "scam" or "legit" to see reports.
• Confirm against the official site — open the company's known website or app directly and compare.

Real vs. fake URLs, side by side

| Looks like | Real owner | Verdict | | --- | --- | --- | | amazon.com/orders | amazon.com | Safe | | amazon.com.account-verify.net | account-verify.net | Fake | | arnazon.com | a look-alike (rn = m) | Fake | | paypal-secure-login.com | paypal-secure-login.com | Fake | | accounts.google.com | google.com | Safe | | secure-chase.account-login.com | account-login.com | Fake |

The pattern: find the name right before the first single slash, then read back to its .com/.net ending. Extra words, hyphens, and subdomains before that don't change who owns the site.

The rule that beats every trick

For anything involving your money, login, or personal details, don't use the link at all — go to the site directly by typing the known address or opening the official app. A link can be disguised; typing the real address yourself can't be.

When you'd rather not risk it

If a link is in a message you weren't expecting and you're unsure, forward the whole message to FraudRoom at check@fraudroom.com before clicking — you'll get a plain-English read on whether the link and sender are safe, and the safest next step.

FAQ

How do I see where a link goes without clicking it?

Hover over it on a computer, or press and hold it on a phone, to reveal the full URL. Read the real domain before deciding whether to open it.

Is a link safe if it starts with https?

Not necessarily. HTTPS only means the connection is encrypted, not that the site is trustworthy — many phishing sites use HTTPS too. Judge the domain itself, not just the padlock.

How can I tell if a shortened link is safe?

Shortened links hide the destination, so preview or expand them with a link-expander or URL checker before clicking. If you can't verify it, don't open it — go to the source directly.

Key takeaways

• Link text and link destination are different — always preview the real URL.
• Read the domain right-to-left to find its true owner.
• HTTPS and look-alike domains can both fool you; judge the actual domain.
• For money or logins, skip the link entirely and go to the site directly.

Related reading

• Is this email a scam? How to check if it's real or phishing
• What does a scam email look like? The red flags
• QR code scams (quishing): how to stay safe