CHECKLINK AI
Back to Learn
Security Signals

False Positives and False Negatives in Link Safety

Why scanners can over-warn or miss threats, and how to treat results as risk signals instead of proof.

Updated 2026-07-06 - 6 min - Everyone interpreting scanner results or security verdicts

Two ways tools can be wrong

A false positive happens when a legitimate link is flagged as risky. A false negative happens when a risky link is not flagged.

Both problems exist because attackers adapt, legitimate infrastructure can be messy, and context often changes the meaning of a signal.

False positives create friction

Marketing redirects, link shorteners, unusual hosting, new domains, and tracking links can look suspicious without being malicious.

Explanations help users decide whether a warning is expected or needs escalation.

False negatives create overconfidence

New phishing pages, low-volume scams, HTTPS certificates, and clean-looking landing pages can avoid obvious signals.

A low-risk result should not be treated as permission to enter credentials or approve sensitive requests without context.

How CheckLink helps

CheckLink shows reasons, limitations, and manual review paths. It avoids guarantee language because both false positives and false negatives are part of real-world link safety.

Checklist

Read the reasons
Ask what action the link requests
Use official channels for sensitive actions
Request manual review when stakes are high
Report suspicious links

FAQ

Can CheckLink be wrong?

Yes. CheckLink provides signals and review paths, not certainty.

How should I use a low-risk result?

As one signal. Still verify sensitive requests through official channels.

Related guides

Related glossary terms

Use CheckLink before the next click

CheckLink provides risk signals and review paths. It does not guarantee that a website is risk-free.