Originally published August 22, 2018
When I read the tweet earlier this week announcing a free webinar on small business cyber safety, I wanted to learn more about it.
I’ve attended several of the organization’s webinars in the past, so I knew I would walk away with actionable security tips.
But when I selected the shortened link in their tweet, something unexpected happened.
The link went to one domain I didn’t recognize, which forwarded to another domain.
And then another domain.
Until it finally displayed a link to a survey site.
Which had nothing to do with the webinar.
The shortened link had forwarded to four different domains!
None of the domains were owned by the organization announcing the webinar.
I knew something was wrong.
After visiting their website, I found the page for the upcoming webinar.
And replied to their tweet asking about the link:
Is that the correct link? The https://t.co/oj0Ozpw7qo link in that tweet redirects to 4 different domains before sending me to a survey site. Is this correct link for the Sept 11 event? https://t.co/a5vzB2iTXQ
— Deborah Edwards-Onoro (@redcrew) August 20, 2018
Their reply was quick.
It is not. Thank you for alerting us. All promotion including this link is being taken down immediately.
Oops! Glad they acted quickly to remove the malicious link.
Did you notice the organization was StaySafeOnline, powered by the National Cyber Security Alliance?
I have no idea what happened or how an organization that helps everyone learn how to stay safe online managed to have a link that redirected to four different domains and not their own site.
But it proves one thing: a malicious shortened link can happen to anyone or any organization.
Shortened URLs Save Time, But…
So what do you do?
While shortened URLs can save you characters when you’re sharing a URL, they can be dangerous.
The link you select, as demonstrated with what happened to me earlier this week, can take you anywhere.
And that anywhere could be the exact spot a hacker or spammer wants you to visit, so they can install a:
- Tracking app
on your digital device.
Or, that shortened link could be pointing to an 1GB PDF file that is immediately downloaded.
Which might not be an issue on your desktop.
But if you’re on a mobile device, and your expectation was the link was directing you to a web page, you’re going to be pretty frustrated with a 1GB download eating up your monthly data plan.
As with many things on the web, you want to take steps to protect yourself.
Read on to discover three methods to uncover the original site the shortened URL is pointing to.
Three Ways to Expand Shortened URLs
Everyone has different ways of working and information they want, so I’ve listed three options for expanding shortened URLs.
I’ve been a fan of DuckDuckGo, the search engine that protects your privacy, for years.
And I’ve discovered DuckDuckGo has a few more features beyond searching; earlier this year I discovered DuckDuckGo has cheatsheets to make your coding easier.
So I wasn’t too surprised to discover DuckDuckGo has a feature where you can expand shortened URLS.
Enter “expand shortened-url.com” in their search box and DuckDuckGo will display what the expanded URL points to.
One of the easiest URL expanders to use, DuckDuckGo doesn’t offer a lot of other information, but it does the job quickly.
I was disappointed, especially since MailChimp offered no notice that the service was shut down. I sent multiple messages to them, until I finally received a reply confirming Unfurlr was no more.
So I’ve searched online for another helpful URL expander service.
I only discovered the free Unshorten.It site this month, and it’s become one of my favorite sites for expanding short URLs.
Simple to use, you add the shortened URL to their Unshorten.It form field and you’ll quickly receive the expanded URL, along with other helpful info including:
- Page description
- Safety ratings
- Screenshot of the page
- HPHosts blacklist listings
According to their website (as of July 2019), extensions for Opera and Safari are under development.
I’ve only used LinkExpander a few times, but it has some features I really like.
It works similarly to Unshorten.It; you enter the shortened URL you want to expand, and LinkExpander displays the original site URL.
In addition, LinkExpander offers:
- Thumbnail image of the URL (in the screenshot I shared, it’s the thumbnail image of a PDF)
- Trust Level of the URL
- Description or keywords, if they exist on the original site
- Whether URL is listed in SpamCop, which lists blacklisted sites
Selecting the Trust Level link directs you to SiteAdvisor, a McAfee online safety check, which scans the URL for any safety issues.
Shortened URLs can easily mask a malicious site and lead to problems. You always want to know where that shortened link is leading you to.
Use any of the three options I described to expand the shortened URLs you see online. And let me know which ones you like best.
Do you have favorite options for expanding shortened URLs? Share your recommendations in the comments.