URL shorteners and security

I’m sure most of us have seen or have clicked on URLs generated by shortening services. The most popular being Bitly, and of course Twitter and other platforms also use shortened URLs. When I first stumbled across shortened URLs years ago, my first thought was that it looked suspicious. Even more than a decade later and I still have the same instinct when seeing them. These services are used primarily for marketing, with security being - as usual, an afterthought. Malware and phishing attacks have been known to occur and still occur through URL shortening because it is easy to hide the true web URL from people. URL shortening services do scan for malware and potentially malicious content, however, this is not an instant process and people are still left victimised in the meantime. One particular study by Le Page et al. (2018) showed that 50% of phishing and malicious shortened URLs may persist for upwards of 80 days and 340 days respectively. Malware detection, analysis and defense is an ongoing battle, a constant cat and mouse game. So, to keep yourself safe online you should observe these basic tips:

  • Where is the shortened URL coming from?
    • Is it from a trusted source?
  • Is it necessary to click on the link?
    • You may choose, like me, to find the information from a search engine or elsewhere other than directly clicking on the link
  • If you choose to click, does the site from the shortened URL look legitimate?
    • If it’s asking for suspiciously personal or unusual information, be wary - use your gut instinct!

If you want to read the entire study referenced in this post, visit this link.


Thanks for reading! As always reader participation is not just welcomed, but encouraged! If you have any suggestions, corrections or anything in between, feel free to leave a comment.

Want a good laugh? Check out our other blog created entirely by artificial intelligence (AI).

I'm also testing an alternative to Facebook called Dots Mesh, developed by Ivo Petkov - my instance is available here
  • Because I am testing it and hosting it myself I am making it free of charge
We've done the research, so you don't have to!

Braeden Mitchell's Picture

About Braeden Mitchell

Braeden has an MSc specialising in Information Security and freelancing as an IT consultant

Sweden https://cyklon.solutions

Comments