False Positives and False Negatives in Link Safety
Why scanners can over-warn or miss threats, and how to treat results as risk signals instead of proof.
Two ways tools can be wrong
A false positive happens when a legitimate link is flagged as risky. A false negative happens when a risky link is not flagged.
Both problems exist because attackers adapt, legitimate infrastructure can be messy, and context often changes the meaning of a signal.
False positives create friction
Marketing redirects, link shorteners, unusual hosting, new domains, and tracking links can look suspicious without being malicious.
Explanations help users decide whether a warning is expected or needs escalation.
False negatives create overconfidence
New phishing pages, low-volume scams, HTTPS certificates, and clean-looking landing pages can avoid obvious signals.
A low-risk result should not be treated as permission to enter credentials or approve sensitive requests without context.
How CheckLink helps
CheckLink shows reasons, limitations, and manual review paths. It avoids guarantee language because both false positives and false negatives are part of real-world link safety.
Checklist
FAQ
Can CheckLink be wrong?
Yes. CheckLink provides signals and review paths, not certainty.
How should I use a low-risk result?
As one signal. Still verify sensitive requests through official channels.
Related guides
Related glossary terms
Use CheckLink before the next click
CheckLink provides risk signals and review paths. It does not guarantee that a website is risk-free.