How to avoid phishing & other scams on Twitter by uncovering short URLs

URL X-Ray homepage
URL X-Ray homepage

This morning we posted an article about the latest phishing scam spreading through Twitter’s direct messaging system and we mentioned that these scams use URL shorteners such as t.co, bit.ly, goo.gl, and tinyurl to disguise their full addresses.  A few people have been asking us if it is possible to see the full URL for these links; thankfully it is.

URL shorteners are certainly handy and admittedly vital on character limited services such as Twitter but they are also dangerous.  They disguise end URLs making it difficult to know where you are going if you click them; you may end seeing something you don’t want to or downloading something that can damage your computer.

URL X-Ray homepage
URL X-Ray homepage

This is not the first time that tech and security experts have been warning that short URL services pose a serious security risk.  As PC World said in 2009, “There are two main problems with link shortening services. First, they make it easier for attackers to distribute spam and phishing attacks because the actual destination URL is not displayed. Second, because link shortening is frequently used with social networking services like Facebook and Twitter, there is an inherent trust that the link will be legitimate.”

But there are several ways to protect yourself, your reputation, and your computer from malware or mal-links disguised by short URLs.  These are simple to use, fast to implement, and could save you time and embarrassment in the future.

For goo.gl or bit.ly links you can see where the link goes by adding a + after the address.  So, this morning’s post by @darrenmccarra was given the bit.ly URL http://bit.ly/mTfUJn, you can see where this link goes by adding the plus sign after the link in your URL bar – http://bit.ly/mTfUJn+ – this will show you the full URL for the link.  You can also do this for Google’s goo.gl link shortener service.

But for a more universal security check you can use URL X-Ray. This site acts as a search engine for the long link, it is designed to uncover the full links from short ones.  By entering the short URL above (the one without the + sign) URL X-Ray shows that the links to this website.

But the strength of URL X-Ray comes from its bookmarklet.  A bookmarklet is a small piece of JavaScript that can be placed in your browser’s bookmarks/favourites folder.  It looks like a regular bookmark but instead of opening a webpage it performs an action; in this case the URL X-Ray bookmarklet allows you to test any short URL from the page you are currently reading, without the need to head over the URL X-Ray website.

URL X-Ray bookmarklet
URL X-Ray bookmarklet

To use the bookmarklet just drag the link, found here, on their website to your browser’s bookmark bar or menu (in Internet Explorer right-click the link and select Add to Favourites).  All you have to do now is click the bookmarklet and copy in any short URL – URL X-Ray will show you the full address.

The simplicity of this method means that you can test any address to be certain that those “Is this you in this picture,” “Is this you in this photo,” or “Is this you in this video” links are genuine or fakes.


  1. Lawyer or attorney Victorianne Musonza, Lawyer At Laws, Licensed in NY And NC, Maxwell Law Office, PLLC is accepted to rehearse rules
    in Rhode – Tropical isle and Massachusetts, so the Federal government Section Courts, which is
    a member of the Pub of the us Superior Court. Outsourcing accounting services for small
    business owners is workable for those who want to turn their focus on their
    companies and find a way to maximise their profitability.
    Not sure if the IRS has a copy of a 1099 or W-2 wage statement.

  2. I don’t know the way I appeared right here, on the other hand imagined this kind of post once was beneficial.. Οικονομική και γρήγορη επισκευή οθόνες laptop. Διαθέτουμε μεγάλο stock από οθόνες για κάθε laptop, ώστε να μην αποχωριστείτε καθόλου τον αγαπημένο σας φορητό υπολογιστή. I wouldn’t recognize that you could be nonetheless surely you are likely to a new well-known blogger whenever you are not already. Kind regards!

Leave a Response

Piers Dillon Scott
Piers Dillon-Scott is co-editor of The Sociable and writes about stuff he finds. He likes technology, media, and using the Oxford comma (because it just makes sense).