Shortened URLs

Avoid the security risk of shortened URLs
By Fred Langa
http://windowssecrets.com/top-story/avoid-the-security-risk-of-shortened-urls/

The compact URLs produced by services such as TinyURL, bit.ly, is.gd, and many others are convenient and save space, but they can also be used to hide the identity of malicious sites.

Fortunately, there are several ways to peek behind a shortened URL to see exactly where the link will take you — before you click it!

In fact, every URL-shortening service I’m aware of offers one or more ways to preview the real destination of a shortened link.

For example, here’s a typical bit.ly URL that I created. All it does is take you to the windowssecrets.com home page, but there’s no way to know that in advance — it’s a blind link:

http://bit.ly/10Sjt

Let’s say that (gasp!) you don’t trust me, so you want to see where the link really goes before you click it.

It’s easy: all you have to do is copy the link, paste it into the address bar of any browser window or tab, and add a plus sign to the end, like this:

http://bit.ly/10Sjt+

Adding a plus sign to the end of any bit.ly URL brings you to a special bit.ly page that shows you information about the link, including the full, expanded URL. Using the information on that bit.ly page, you can decide whether the link is safe and worth following.

TinyURL has a similar option. But instead of adding a plus sign at the end of a link, you prepend the word preview. For example, here’s a regular TinyURL link to the Windows Secrets home page:

http://tinyurl.com/6u5ba

Copy that link into the address bar of your browser and add the word preview:
http://preview.tinyurl.com/6u5ba

Now the link will bring you to a preview page that displays the full, expanded URL.

TinyURL also offers a cookie-based option that makes previewing automatic for every TinyURL link you click. To set the (harmless!) preview cookie on your PC, click here:

http://tinyurl.com/preview.php?enable=1

All the major URL-shortening services have similar ways of letting you preview what’s behind their URLs. Security researcher Joshua Long has compiled an excellent free guide, “How to preview shortened URLs (TinyURL, bit.ly, is.gd, and more).”

Of course, if you’re checking lots of links, it can be clunky to manually copy, paste, and edit URLs. Several sites offer automated scripts to make things a bit easier. For example, when you encounter a suspicious short URL, you can click to Longurl (http://longurl.org), ExpandMyURL.com (http://www.expandmyurl.com/), or Long URL Please.com (http://www.longurlplease.com/).

Paste the suspect short URL into these sites’ dialog boxes, and they’ll show you the full, expanded link.
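The manual edits described above for bit.ly and TinyURL can also be scripted. The following is an added example, not part of the original article; the function names are hypothetical, the sample message is constructed, and dropping any query string or fragment is an assumption. It only rewrites the link text and makes no network request.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Finds http(s) links in free text; trailing punctuation is trimmed afterwards.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def preview_url(url):
    """Return the preview form of a bit.ly or TinyURL link, or None for other hosts."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path
    if not path.strip("/"):
        return None  # bare home page, not a short link
    if host in ("bit.ly", "www.bit.ly"):
        # bit.ly rule from the article: add a plus sign to the end of the link.
        if not path.endswith("+"):
            path = path.rstrip("/") + "+"
        # Assumption: query string and fragment are dropped.
        return urlunsplit((parts.scheme, "bit.ly", path, "", ""))
    if host in ("tinyurl.com", "www.tinyurl.com", "preview.tinyurl.com"):
        # TinyURL rule from the article: prepend the word "preview" to the host.
        return urlunsplit((parts.scheme, "preview.tinyurl.com", path, "", ""))
    return None


def preview_links(text):
    """Map every recognised short link found in text to its preview URL."""
    found = {}
    for match in URL_RE.finditer(text):
        link = match.group(0).rstrip(".,;:!?)")
        rewritten = preview_url(link)
        if rewritten:
            found[link] = rewritten
    return found


# Constructed sample message using the two links from the article.
SAMPLE = "See http://bit.ly/10Sjt, then http://tinyurl.com/6u5ba. Also http://example.com/x"

if __name__ == "__main__":
    for short, preview in preview_links(SAMPLE).items():
        print(short, "->", preview)
```

Links from shorteners other than these two come back as None and need that service's own preview method.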

You also can Favorite or Bookmark those sites to further automate the process of link-checking.

Going a step further, Firefox users can install the bit.ly preview add-on (download site) to allow previewing of short URLs without needing to leave the page you’re on. Despite the name, the add-on works for many URL-shorteners — not just bit.ly.

Chrome users can download (http://chrome.google.com/extensions/detail/iabeihobmhlgpkcgjiloemdbofjbdcic) a similar extension for that browser.

I know of no fully automated preview tools for Internet Explorer, although several URL-shortening apps are available in the Microsoft IE Add-ons Gallery (http://www.ieaddons.com/en/search). Just type url into the search bar.

Note that this level of link-checking usually isn’t needed when you’re clicking on normal links from sites and people you know and trust. But it’s smart to be wary of suspicious links or links with unknown provenance.

When in doubt, check it out!
