You just received a text from “USPS” about a missing package. Or maybe an email from “PayPal” saying your account is locked.
There is a link inside. You think it might be fake, but you aren’t sure. You want to see where it goes, but you are afraid to click it.
You are right to be afraid. Clicking a malicious link can install malware, steal your session cookies, or trick you into handing over your password.
But you don’t have to guess. You can use professional “sandbox” tools to open the link for you.
In this guide, we will show you how to scan any suspicious URL using VirusTotal and urlscan.io-without ever exposing your own device to danger.
Tool 1: The Quick Scan (VirusTotal)
VirusTotal is a free service owned by Google. It is the industry standard for checking files and links.
When you paste a link into VirusTotal, it scans it using over 70 different antivirus engines (like Kaspersky, Sophos, and Bitdefender) simultaneously.
How to use it:
- Copy the suspicious link (Right-click > “Copy Link Address”). Do not click it.
- Go to VirusTotal.com.
- Click the “URL” tab.
- Paste your link and hit Enter.
The Result:
- 0/90 (Green): The site is likely clean.
- 5/90 (Red): If even a few vendors flag it as “Phishing” or “Malicious,” stay away.
Tool 2: The Deep Look (urlscan.io)
Sometimes, a link is so new that antivirus scanners haven’t caught it yet. This is where urlscan.io shines.
This tool performs a “sandboxed” scan. It actually visits the website on a cloud server and takes a screenshot of it for you.
Why this is powerful: You can see exactly what the website looks like without your computer ever touching it.
How to use it:
- Go to urlscan.io.
- Paste the suspicious link.
- Click “Public Scan.”
What to look for: Look at the Screenshot.
- Does the link claim to be “Apple Support,” but the screenshot looks like a cheap WordPress blog?
- Does it look like a login page for your bank, but the URL is secure-banking-login-123.com?
This visual proof is often the best way to spot a Geek Squad Phishing Scam or a fake USPS Delivery Page.
The “HTTPS” Myth (The Padlock Trap)
A common mistake people make is thinking, “It has a padlock icon next to the URL, so it must be safe.”
This is false.
The FBI warns that criminals create “spoofed” websites that look identical to legitimate ones-often using encryption to fool you. The padlock only means the connection is encrypted; it does not mean the site owner is honest. You can have a perfectly encrypted connection to a thief.
Watch this short explanation on why you should never trust the lock icon:
Video Source: YouTube/Don’t Rely on the Padlock: What the Lock Icon in Your Browser Really Means
How to Analyze a “Shortened” Link
Scammers often use link shorteners (like bit.ly or tinyurl) to hide the true destination of a link.
Before you scan these, you should “unshorten” them.
- Go to a free tool like Unshorten.It.
- Paste the short link.
- It will reveal the true destination URL (e.g., revealing that bit.ly/3×89 actually goes to malware-site.net).
The Bottom Line
If you have any doubt about a link, scan it before you click it. It takes less than 30 seconds to run a URL through VirusTotal, and it could save you thousands of dollars in identity theft damages.
