The Dangers of Short Links

These little links could be a big problem

A young woman concentrating on her laptop computer
YinYang/E+/Getty Images

They're known as short links, shortened URLs, and Tiny URLs. Whatever you call them, their purpose is the same. Link shortening services such as Bitly, TinyURL, and over 200 others, allow users to take a link that might be too long to post within the confines of a twitter post and generate a shorter link that redirects to the longer URL that the user wants to post.

Here's an example of what a link shortening service does:

You could take a long link such as:

http://netsecurity.about.com/od/newsandeditorial1/a/Facebook-Security-5-Things-You-Should-Never-Post-On-Facebook.htm

and use a link shortening service to make it into a nice short link that looks like this:

http://tinyurl.com/82w7hgf

Not only does the link not look anything like the original, it completely obscures the intended link destination. There is no way by looking at the short link that you can tell what the intended target link is. All you see in the short link is the link shortening service site name followed by a string of seemingly random numbers and letters.

Why is this a bad thing? If I was an Internet-based bad guy and wanted to trick you into visiting a link that would install malware on your computer, you would be more likely to fall for clicking http://tinyurl.com/82w7hgf then you would be for visiting http://badguysite.123.this.is.a nasty.virus.and.will.infect.your.computer.exe.

The tiny URL doesn't have anything in it that would tip you off to the fact that it is a malware link

Bad guys love using link shortening services to hide their malware links. Using link shortening to post malware and phishing links on social media sites is a very popular way to reach a wide audience of people who often click on things impulsively.

How can you tell where the destination of a short link leads without clicking on it first?

Before you click on that random short link you saw on Facebook, Twitter, or elsewhere, you should use a link expansion service to inspect it so you can decide whether its destination is somewhere you really want to go.

Fortunately, there are a couple of sites and tools that can help you learn where the hidden path of most any short link leads without having to visit it.

ChecShortURL is a link expansion service that lets you input a short link, such as the example above, and see what the destination link is, without you having to visit it. You simply copy the link you want to check out, go to the CheckShortURLcom site, paste the shortened link into the search field, and it will show you the intended destination of the short link.

LongURL is another link expander / extractor that is simple to use. In addition to the LongURL website that allows for link expansion, LongURL also features a LongURL Mobile Expander Firefox Browser extension that allows you to hover your mouse over a shortened link which then shows a pop-up tool tip that displays the true destination of the short link. This saves you the hassle of having to visit LongURL's website every time you want to inspect a link.

Short URLs aren't going away anytime soon. They make sense for when you are trying to stay within the character limits of Twitter posts and they are just plain handy when you have some massive link that you are trying to read someone over the phone or in similar situations. Hopefully, in the near future we will see more browser integration for link preview expansion and maybe someday we will see destination link scanning, where the destination link is compared to a list of known bad URLs so we can be warned before we make the leap of faith to visit an unknown site.