Shortened URL Security

Why “Online Safety” accounts need to stop using shortened URLs | by Scott  McGready | Medium
Shortened URL

Shortened URLs, such as those from and, make it easy to type in a web address quickly but hard to tell where your web browser will actually take you.

  • Before clicking a shortened URL, check for the full URL. Most URL shorteners—including those used at U-M—include a preview feature. If you aren’t sure it is safe, don’t click!
  • Before creating or sharing a shortened URL, consider alternatives. If you must use one, make clear where it goes.
  • Be aware that criminals use shortened URLs to direct people to phishing sites and initiate malware downloads.

Before You Click, Reveal Full URLs

There are a number of ways you can reveal the full URL behind a shortened URL:

  • Use the shortening service preview feature. Type the shortened URL in the address bar of your web browser and add the characters described below to see a preview of the full URL:
  • Use a URL checker. These are just a few of the sites that let you enter a short URL and then see the full URL:

Before You Shorten a URL, Consider Alternatives

Some people will be suspicious—and rightly so—if you use shortened URLs in email or in your online or print materials. In general, do what you can to make it clear to people where they will go if they click or type the URL you provide.

  • Use descriptive link text with the full URL. In emails and on web pages, it is best to use descriptive link text with the full URL behind it. That lets people know where they will go if they click; they can hover over the link with their mouse to see the full URL. It is also a recommended best practice for accessibility, because it provides people who use screen readers with clear, complete information.
  • Don’t use a shortened URL if people must log in. If you are directing people to a page that requires login, let them see the full URL and tell them login will be required.
  • Be clear about the destination when you must use short URLs. On social media platforms, such as Twitter, you may need to use a shortened URL to stay within a character limit. It is helpful to let people know where the short URL will take them.

How Criminals Use Shortened URLs

Criminals use shortened URLs to:

  • Direct people to phishing websites—sites that ask you to log in or fill in a form and then steal your password and/or personal information. Always Look Before You Log In.
  • Initiate download of malicious software, such as ransomware, to your device.

If you are suspicious of a shortened URL, don’t click it.


Published by Blessed Tabvirwa

Residing in Gaborone Botswana, Married to my beautiful Isobel and have an awesome son Tyrecea. Hold a BSc Honours Computer Science, MCSE Data Management & Analytics, HL7 v2, v3, FHIR, Mobile Web Specialist, MEDITECH. I see Digital Technology as the enabler for the developing world to leapfrog challenges that are preventing the realization of "Health For All" in line with the UN Sustainable Development Goal #3 - Ensure healthy lives and promote wellbeing for all at all ages (

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create your website with
Get started
%d bloggers like this: