Typing of a web address can be made quick, easy and fast through using Shortened URLs.

What are Shortened URLs or URL Shortening? URL shortening is a technique on the World Wide Web in which a Uniform Resource Locator (URL) may be made substantially shorter and still direct to the required page. This is achieved by using a redirect which links to the web page that has a long URL.¹ Consequently, the redirect domain name is shorter than the original one.

There are an increasing number of URL shortening service providers that provide internet users with platforms to shorten their URLs such as –

• Bitly for the best all-round URL shortener
• Rebrandly for creating branded links
• TinyURL for fast and anonymous short URLs
• BL.INK for small business owners
• URL Shortener by Zapier for automatically creating short links
• Shorby for Instagram users
• Short.io for sending different visitors different links
• Sniply for adding a CTA to the links you share²

The service is for various reasons from beautification of a link, to tracking the clicks of that link or disguising the underlying address.

In the midst of the benefits stated above and the ease of using this service comes the risk. The risk because it can be used by any person for any motive including those with not so good intentions, remember that the shortened URL links make it hard for you to know where exactly the web browser will actually take you to before hand just by looking at it. By “looking at it”, we mean that by mere looking at a long actual URL, you can tell where it is going to take you to/ the page that will open. For example the URL – https://tabalonline.com/product-category/gadgets/power-banks/ by mere looking at it, you can tell that it is would take you to the Powerbank sub-category of the Tabalonline website compared to https://bit.ly/3AhspqO which also redirects you to the same URL but in which you can not read the actual URL path.

I guess the risk becomes obvious now, because someone could actually give you this link – https://bit.ly/3AhspqO while in actual fact it will either redirect elsewhere which is not where or what you had intended.

Criminals use shortened URLs to:

• Direct people to phishing websites—sites that ask you to log in or fill in a form and then steal your password and/or personal information. Always look at the URL or your web browser address bar before you click a link or visit a web link.
• Initiate download of malicious software, such as ransomware (see definition at the end of this article) “aka Viruses”, to your device and either compromise your data or do other worse things.

What is the recommended Course of Action?

Before You Click, Reveal Full URLs³

There are a number of ways you can reveal the full URL behind a shortened URL:

• Use the shortening service preview feature. Type the shortened URL in the address bar of your web browser and add the characters described below to see a preview of the full URL:
  • tinyurl.com. Between the “http://” and the “tinyurl,” type preview.
    Example: http://preview.tinyurl.com/zn7xnzu
  • bit.ly. At the end of the URL, type a +.
    Example: http://bit.ly/2lgPesi+
  • goo.gl. At the end of the URL, type a +.
    Example: https://goo.gl/vLfoaW+
• Use a URL checker or Expander. These are just a few of the sites that let you enter a short URL and then see the full URL:
  • getlinkinfo.com
  • unshorten.it
  • urlxray.com
  • urlex.org/
  • urlexpander.net/

If you intend to Shorten a URL,

Consider the following –

I believe having read this article, yourself as well as others will be suspicious of shortened URLs now. However, where and when you have a need to leverage on this service for the good benefits which it comes with, you woul dnot be happy if others just boycotted your message and the action course of clicking on the URL link in your message, so what do you do?

In general it is advised that you do what you can to make it clear to people where they will go if they click or type the URL you provide. You can achieve this by the following means amongst others –

• Use descriptive link text with the full URL. In emails and on web pages, it is best to use descriptive link text with the full URL behind it. That lets people know where they will go if they click; they can hover over the link with their mouse to see the full URL. It is also a recommended best practice for accessibility, because it provides people who use screen readers with clear, complete information. Example: Bluetooth Earphones at Tabalonline
• Don’t use a shortened URL if people must log in. If you are directing people to a page that requires login, let them see the full URL and tell them login will be required.
  Example: Access your profile page on Tabalonline at https://tabalonline.com/my-account/ (login required).
• Be clear about the destination when you must use short URLs. On social media platforms, such as Twitter, you may need to use a shortened URL to stay within a character limit. It is helpful to let people know where the short URL will take them.

Article References:

1. https://en.wikipedia.org/wiki/URL_shortening
2. https://zapier.com/blog/best-url-shorteners/
3. https://safecomputing.umich.edu/be-aware/phishing-and-suspicious-email/shortened-url-security
4. https://safecomputing.umich.edu/be-aware/phishing-and-suspicious-email/ransomware

Ransomware is malicious software that can infect and encrypt the files and folders on your computer and other devices, preventing you from opening them. Victims are asked to pay a ransom to get their folders, files, and devices unlocked.

Criminals use ransomware to extort money from individuals and organizations. Educational institutions and healthcare organizations are among the top targets.