In general only click on a link if you trust the domain. A URL usually looks like this: https://first.second.third/… And only the second and the thrid word between dots are important.
For example: https://suspicious.google.com/ is in general fine, since the second and third word is google.com . However, https://lemmy.legit-lemmy.world/ is unsafe, because the second and thrid word are legit-lemmy.world, but not lemmy.world.
There are ways to smuggle unsafe asset under legit URL, usually by uploading them on google drive, github etc. The good rule of thumb is to never run anything on your computer unless you are absolutely sure it comes from trusted source, like from official website.
Official download webpage tends to have very descriptive and short URL, like
If you see long random strings on the download webpage then it is likely unsafe, for example:
Definitely don’t click on links like this one: https://trustmethisisnotascam.com/