Detection of malicious URLs in a Web page retrieved by a computer user is based in a backend security service or upon the user's computer. The HTML code download by the user is first scanned to detect any embedded links such as URLs found in frames or scripts. Features related to the layout of such a URL (position, visibility) are identified. Features related to the referring nature of the URL (page rank of parent, page rank of child) are identified. Features indicating the relevancy between the content of the parent Web page and the content of the Web page identified by the embedded URL identified. Each set of features is transformed into a binary vector and these vectors are fed into a decision engine such as a classifier algorithm. The classifier algorithm outputs a score indicating whether or not the suspect URL (and the Web page to which it links) is malicious or not. The user may be warned by a display message.