
How to avoid phishing & other scams on Twitter by uncovering short URLs

July 18, 2011


This morning we posted an article about the latest phishing scam spreading through Twitter’s direct messaging system and we mentioned that these scams use URL shorteners such as t.co, bit.ly, goo.gl, and tinyurl to disguise their full addresses.  A few people have been asking us if it is possible to see the full URL for these links; thankfully it is.

URL shorteners are certainly handy, and admittedly vital on character-limited services such as Twitter, but they are also dangerous.  They disguise end URLs, making it difficult to know where you are going if you click them; you may end up seeing something you don’t want to or downloading something that can damage your computer.

URL X-Ray homepage

This is not the first time that tech and security experts have warned that short URL services pose a serious security risk.  As PC World said in 2009, “There are two main problems with link shortening services. First, they make it easier for attackers to distribute spam and phishing attacks because the actual destination URL is not displayed. Second, because link shortening is frequently used with social networking services like Facebook and Twitter, there is an inherent trust that the link will be legitimate.”

But there are several ways to protect yourself, your reputation, and your computer from malware or mal-links disguised by short URLs.  These are simple to use, fast to implement, and could save you time and embarrassment in the future.

For goo.gl or bit.ly links you can see where the link goes by adding a + after the address.  For example, this morning’s post by @darrenmccarra was given the bit.ly URL http://bit.ly/mTfUJn; adding the plus sign after the link in your URL bar (http://bit.ly/mTfUJn+) will show you the full URL for the link.  You can also do this for Google’s goo.gl link shortener service.

But for a more universal security check you can use URL X-Ray. This site acts as a search engine for the long link; it is designed to uncover the full links from short ones.  By entering the short URL above (the one without the + sign), URL X-Ray shows that the link leads to this website.

But the strength of URL X-Ray comes from its bookmarklet.  A bookmarklet is a small piece of JavaScript that can be placed in your browser’s bookmarks/favourites folder.  It looks like a regular bookmark but instead of opening a webpage it performs an action; in this case the URL X-Ray bookmarklet allows you to test any short URL from the page you are currently reading, without the need to head over to the URL X-Ray website.

URL X-Ray bookmarklet

To use the bookmarklet just drag the link, found here, on their website to your browser’s bookmark bar or menu (in Internet Explorer right-click the link and select Add to Favourites).  All you have to do now is click the bookmarklet and copy in any short URL – URL X-Ray will show you the full address.

The simplicity of this method means that you can test any address to be certain whether those “Is this you in this picture,” “Is this you in this photo,” or “Is this you in this video” links are genuine or fake.


Ajit Jain

Ajit Jain is marketing and sales head at Octal Info Solution, a leading iPhone app development company and offering platform to hire Android app developers for your own app development project. He is available to connect on Google Plus, Twitter, Facebook, and LinkedIn.
