Whatever the aim of the link, whether it’s legitimate or fraudulent, there are various things you can do to test them out before clicking on them. If you use Gmail, you’ll see warnings such as the one below if it thinks the message is dangerous. This isn’t specifically about the link, but that is factored into it. The huge red bar should ensure you don’t accidentally click or reply to the message. The first option, which will only work in certain circumstances, is to type the website address yourself. For example, if you get an email from your bank, the government or any service for which you have an account, then you can browse to the official website by typing in its official address, or searching in Google. One of the things scammers love to do is to register a similar-looking website address which can fool you into thinking it’s the real deal. Typically, you’ll get an email saying that you’re due a refund or that your account has been locked and to click on the link to claim it / reset it. Again, rather than clicking the link, go to the website, log into your account and find out if that is the case. If the other methods here are too laborious for you, then consider installing an extension for your web browser which will warn you of websites it considers dangerous and will stop you from visiting such web pages when you click on links in other apps. This applies only to desktop web browsers, not mobile. There are lots available and many are free; others are part of antivirus packages. There’s McAfee Web Advisor, Kaspersky URL Advisor, Norton Safe Search and many others. You can also use these tools manually to check a URL if you don’t fancy installing the extension, but this rather defeats the point of making your life more convenient.
The one we recommend trying is Bitdefender TrafficLight which is free and available for Chrome, Firefox and Safari. It will put a little colour-coded tick next to search results. If they’re green, they’re safe to click on. Often, you won’t be able to see where the link will take you because the sender has used a link shortening service such as tinyurl, Bit.ly or Goo.gl. In this case, you can copy and paste the short link into an expander service such as CheckShortURL.com which will show you the actual URL that it redirects to.
This will help you see whether it’s safe to click on or not. In this example, it links to a website in China which is deemed safe by the reputation scanners below, but is a copy of the Mirror website. Arguably fraudulent, then, but it doesn’t pose a threat to your device. While these methods all work, they are effectively a second line of defence. Your primary method should be antivirus software which will work no matter which web browser you use and will keep your device protected from malware. Most antivirus security suites also have an email scanner which will check for suspicious attachments and should also warn you about phishing links in emails as well as blocking dangerous websites. If you’re only using the built-in Windows defender then you might want to check out our roundup of the best antivirus software and choose a package that offers more comprehensive protection.
Think you can spot a phishing message? Take this test and find out – only five per cent of Brits managed to spot all 10.
Related articles for further reading
All security news Do you really need antivirus on Windows? Can Macs get viruses? Do you really need antivirus on Android? How to remove a virus from Windows How to remove a virus from Android Best antivirus software for Windows (plus free options) Bitdefender vs Norton Best antivirus software for Android Best antivirus deals
Jim has been testing and reviewing products for over 20 years. His main beats include VPN services and antivirus. He also covers smart home tech, mesh Wi-Fi and electric bikes.