Shortened URL Security - Information Security Office - Computing Services - Carnegie Mellon University (2023)

Shortened URLs, such as those from and make it easy to type in a web address quickly, but difficult to determine where the web browser will actually take you. Criminals will use shortened URLs to direct victims to phishing sites or initiate a download of malicious software on to your device.

(Video) Learn Live - Cloud Security with Carnegie Mellon University and Microsoft Learn

If you are suspicious of a shortened URL, don't click it. Use the tips on this page to help you determine the true path of a shortened URL.

(Video) Best Practices for Security in Cloud Computing

Before You Click, Reveal Full URLs

There are a number of ways you can reveal the full URL behind a shortened URL:

(Video) Security and Privacy?

  • Use the shortening service preview feature. Type the shortened URL in the address bar of your web browser and add the characters described below to see a preview of the full URL:
    • Between the "http://" and the "tinyurl", typepreview
      • Example:
    • At the end of the URL, type a+
      • Example:
  • Use a URL checker. These are a few of the sites that allow you to enter a short URL and view the full URL:

Before You Shorten a URL, Consider Alternatives

  • Use descriptive link text with the full URL. In emails and on web pages, it is best to use descriptive link text with the full URL behind it. This lets people know where they will be directed to once they click. They are able to hover their mouse cursor to see the full URL. It is also a recommended best practice for accessibility, because it provides people who user screen readers with clear, complete information.
  • Don't use a shortened URL if people must log in. If you are directing people to a page that requires login, let them see the full URL and tell them login will be required.
  • Be clear about the destination when you must use short URLs. On social media platforms, such as Twitter, you may need to use a shortened URL to stay within a character limit. It is helpful to let people know where the short URL will take them.
(Video) CYBER4


Is it safe to click on shortened URL links? ›

Shortened URLs, such as those from and make it easy to type in a web address quickly, but difficult to determine where the web browser will actually take you. Criminals will use shortened URLs to direct victims to phishing sites or initiate a download of malicious software on to your device.

What are the security issues with URL shortener? ›

The security risk with a shortened URL is you cannot tell where you are going when you click the link, you have to trust the sender. As a result, some organizations teach their employees not to trust shortened URLs, or simply block them at their network gateway. This poses a problem for the OUCH!

How do I preview a short link? ›

If you want to preview the destination link of a URL, just add a plus sign to the end of their shortened link. For example, preview the destination link of by visiting instead.

What should you do with a compressed URL? ›

In general, do what you can to make it clear to people where they will go if they click or type the URL you provide.
  1. Use descriptive link text with the full URL. ...
  2. Don't use a shortened URL if people must log in. ...
  3. Be clear about the destination when you must use short URLs.

Can you be tracked by clicking a link? ›

It can be used to figure out roughly what city you probably are in, but it won't get any more precise than that. Unless they discovered some major vulnerability in your browser, your device or in Google Maps, they can't figure out where you are just because you click a link.

Can clicking on a link infect your computer? ›

Yes, you can get a virus just from visiting a website. These days, it's very easy to be overconfident in our abilities to avoid computer viruses. After all, many of us were told that we simply had to avoid files and programs we didn't recognize. If an email came through that looked fishy, we didn't open them.

Are URL shorteners worth it? ›

If you're looking for a different way to use social media marketing and track your efforts, a URL shortener can help streamline your links, add legitimacy, and so much more. It's interesting how the length of a URL, or the characters seen in one, can really impact the legitimacy of how that URL comes off.

What is a URL shortener example? ›

An URL shortener is a website that reduces the length of your URL (Uniform Resource Locator). The idea is to minimize the web page address into something that's easier to remember and track. There are many URL shorteners on the market today, including, Goog. le and

What is the most popular URL shortener? ›

10 of the best link shorteners
  1. is the ideal free URL shortener for online content creators who want to increase their revenue and customer base. ...
  2. Sniply. ...
  3. ClickMeter. ...
  4. Cuttly. ...
  5. Bitly. ...
  6. TinyURL. ...
  7. T2M. ...
  8. Tiny.CC.
Nov 9, 2022

How do I get more clicks on short links? ›

4 Ways to Boost Business with URL Shorteners
  1. Short URLs Build more engagements – 39% more clicks than long URLs. ...
  2. Tracks the Number of Clicks, their Location, and Time. ...
  3. Helps in Making the Message Look Better – Adds More Value. ...
  4. Helps in Recognizing Your Brand. ...
  5. Drives Maximum Traffic. ...
  6. Rebrandly. ...
  7. Bitly. ...
  8. Google.
Feb 8, 2021

How do I use a short URL? ›

Go to Paste the long URL and click the "Make TinyURL!" button. The shortened URL will appear. You can now copy and paste it where you need it.

How do I know if a link is safe? ›

Use a website safety checker

To find out if a link is safe, just copy/paste the URL into the search box and hit Enter. Google Safe Browsing's URL checker will test the link and report back on the site's legitimacy and reputation in just seconds. It's that easy to use Google's URL scanner.

What happens if a URL is too long? ›

An overly long URL can cause both usability and search engine issues: Any potential benefit you may have by including keywords in the URL will be diluted since it's such a small percentage of the total URL text. Longer URLs are truncated by search engines, in web browsers, and many other areas.

What are the 5 main components of a URL What are the purpose for each component? ›

The components of a URL
  • A scheme. The scheme identifies the protocol to be used to access the resource on the Internet. ...
  • A host. The host name identifies the host that holds the resource. ...
  • A path. The path identifies the specific resource in the host that the web client wants to access. ...
  • A query string.
Jun 27, 2019

What if I accidentally clicked on a suspicious link? ›

If you clicked on a phishing link that took you to a spoofed page entered personal information or credentials, then you'll need to change your passwords and contact your security team for further advice. Another danger is that attackers usually know whether or not you clicked on the link.

How can I find someone's location by their mobile number? ›

If the number is registered, then simply follow the below procedure:
  1. Open the Google maps page on your android or tablet.
  2. Sign in to your Google account.
  3. Search for the contact number you want to find.
  4. Choose the number that you wish to track.
  5. The contact details will be available to you at the bottom of the screen.
4 days ago

How can I track someone using their IP address? ›

Through a useful internet tool called IP Geolocation Lookup, you can track an IP address close to someone's exact location. You can get pretty close, depending on a variety of factors, to finding the physical location of someone's IP address.

Can an iPhone be hacked by visiting a website? ›

iPhones can get hacked from websites, which is why it's best to use antivirus software to scan for malicious sites.

Can you get hacked by clicking on a URL? ›

By interacting with a phishing link, you run the risk of accidentally downloading malware, or being redirected to a malicious website controlled by hackers who intend to collect user information.

Can your iPhone get hacked by clicking on a link in email? ›

Just like on your computer, your iPhone can be hacked by clicking on a suspicious website or link.

Do link shorteners last forever? ›

Do shortened URLs expire? Some do, and some don't – it depends on the URL shortener service you're using. Some providers claim their shortened URLs don't expire. For example, TinyURL says its shortened URLs will never expire.

Do shortened URLs last forever? ›

According to the website, the shortened URLs will never expire. TinyURL offers an API which allows applications to automatically create short URLs.

Why did Google discontinue URL shortener? ›

On April 13, 2018, anonymous users and users who have never created short links would not be able to generate new short links via the console. They recommended users switch to other popular URL Shorteners. Google shut down its service to focus on Firebase Dynamic Links or FDL.

What is important to know about shortened URLs? ›

Abbreviated links obscure details about the URL destination and can secretly house malware—or when clicked—take you to an illegitimate site. Unlike with a normal URL, hovering over a condensed link won't reveal telling details. You don't know where it leads until you click it.

Which URL shortener should I use? ›

Bitly is one of the most popular and best all-around URL shorteners. The free account offers customizable back-half links, plus link history and reporting for individuals. But the premium editions excel with a complimentary custom domain, branded links, bulk link shortening, link redirects, QR codes and a UTM builder.

What is URL shortening system? ›

URL shortening is a technique on the World Wide Web in which a Uniform Resource Locator (URL) may be made substantially shorter and still direct to the required page. This is achieved by using a redirect which links to the web page that has a long URL.

Which is the best free URL shortener? ›

Top 10 Free URL Shortener in 2023
  • Bitly.
  • Rebrandly.
  • BL.INK.
  • GoLinks.
  • T2M URL Shortener.
  • Lnnkin.
  • Jelly URL.
  • JotURL.

How do I get maximum clicks? ›

Point being, make your first words good. Make them so good — so relevant and valuable — that they can't be ignored.
How to Make Your First Words Too Good to Ignore
  1. Leverage the “Curiosity Gap” ...
  2. Apply the “Scarcity Principle” ...
  3. Use Numbers. ...
  4. Share Something Surprising. ...
  5. Ask a Question. ...
  6. Promise Value.
Aug 20, 2018

How much can I earn from short links? ›

linkvertise is the top url shortener that pays up to 70 dollar per 1000 views. You can earn it by sharing the short link and referral link. Instead of wasting time on social media, save time and promote a Short link to earn money.

How do I increase my clicks? ›

4 tips to improve CTR
  1. Optimize your headline and copy: Use one or two focus keyword(s) in your headline and copy. ...
  2. Include CTAs: Write a direct and compelling call to action. ...
  3. Use images: Using visuals is a great way to increase CTR. ...
  4. Try using hashtags:

Why do people use link shorteners? ›

Link shorteners provide analytics to show you who has clicked your links, and they're often available through a centralized dashboard view. This valuable data on your posts should be integrated into your content strategy to help you create more of what resonates with your target audience and less of what doesn't.

How do I edit a short URL? ›

How to Edit a Destination (Original) URL
  1. Log in to account.
  2. Go to your short URL list.
  3. Click Edit.
  4. Edit the “Original URL” field in the “Edit Short URL” pop-up.
  5. Save.

Can I make my own URL shortener? ›

You can build a URL shortener with any programming language and database. In this tutorial, we will use HTML, JavaScript, PHP, and MySQL.

What do suspicious links look like? ›

Suspicious links

You can spot a suspicious link if the destination address doesn't match the context of the rest of the email. For example, if you receive an email from Netflix, you would expect the link to direct you towards an address that begins ''.

How do I know if a link is phishing? ›

Use a Link Scanner

You can also check a link for phishing with a link scanner to ensure it's safe before performing any action on the site. A link scanner is a handy tool that helps you identify known malicious links to avoid clicking on them. Besides checking the link, some link scanners will examine the images, too.

How do you check if a link is tracked? ›

URL checker (Link expander)

Using URL Checker tool you can check if it's safe to click on the link, see all hidden redirects behind that link, get information about any IP addresses and locations associated with the link, and see if that link is detected as not safe by the leading Internet Safety Services.

What is URL and give 3 example? ›

URL is an acronym for Uniform Resource Locator and is a reference (an address) to a resource on the Internet. A URL has two main components: Protocol identifier: For the URL , the protocol identifier is http . Resource name: For the URL , the resource name is .

What are the two main parts of a URL called? ›

It is also referred to as a web address. URLs consist of multiple parts -- including a protocol and domain name -- that tell a web browser how and where to retrieve a resource.

What are the 6 components of URL? ›

A typical website has at least 3 parts in its URL like but some complex URLs might also have 8 to 9 parts namely scheme, subdomain, domain name, top-level domain, port number, path, query, parameters, and fragment.
  • Scheme : https:// ...
  • Subdomain : ...
  • Domain Name :
Jun 29, 2021

Is it better to have a longer or shorter URL? ›

By shortening and simplifying your URL structure you'll make navigating and expanding your site much simpler. If you have long and confusing URLs it'll be harder for the search engine bots to crawl your site, and you'll have greater difficulty creating a logical and intrusive website experience.

How many times can you change your URL? ›

You can change the destination URL as many times as you would like.

What is the maximum limit of URL? ›

The official documentation specifies a maximum length of 2048 characters for the <loc> element, which is used to submit URLs: URL of the page. This URL must begin with the protocol (e.g. “http”) and end with a trailing slash if required by the web server. This value must not exceed 2,048 characters.

What are the 3 types of URL? ›

type: It specifies the type of the server in which the file is located. address: It specifies the address or location of the internet server. path: It specifies the location of the file on the internet server.

What are the 9 possible parts of a URL? ›

The 9 parts of a URL are the protocol (or scheme), subdomain, domain name, top level domain, port, path, query, parameters, and fragment. The protocol, also known as the scheme, is the first part of a URL.

What is the best example of URL? ›

URL: Did You Know It Stands For Uniform Resource Locator? A Guide With Examples
  • Example 1:
  • Example 2:
  • Example 3:
  • Example 4:

Is Google URL shortener safe? ›

Among the numerous services used to shorten inks, some are more reliable than others. The Google and services are among the most secure, though not so much so that you can confidently click them if the source is unknown.

Why would someone use a URL shortener? ›

An URL shortener ensures that you get the right messages out to your audience without taking up too much space in your social posts. Additionally, tools like Make it easier to share your content: Simplified and branded URLs tell customers everything they need to know about your site.

Is it safe to use Cutt Ly? ›

Cuttly has its own security system: Cuttly Safe Redirecting, which actively cares about security. Cuttly is GDPR compliant. Cuttly does not send spam (Cuttly not spamming). Cuttly is not a scam.

How do I know if my Bitly link is safe? ›

If you aren't so sure about where one will take you, you can verify a link's destination before clicking on it. To check where a Bitly link will take you, add a plus symbol ("+") at the end of the URL. If you feel it's safe, you can then click through to the destination page or copy the shortlink.

How long do shortened URLs last? ›

According to the website, the shortened URLs will never expire. TinyURL offers an API which allows applications to automatically create short URLs.

Should I shorten my URL? ›

Short URLs make it easier for your readers to share your content. Think about it, if you have a long and confusing URL, it is going to look weird when shared across Facebook, Pinterest, or in an email. Not to mention the fact that it'll be less memorable.

Can Bitly give viruses? ›

While there are many benefits that come with using URL shortening services like Bitly, there are also some security risks users should be aware of. One of the main ways that cyber criminals take advantage of URL shorteners is by spreading malware or worms through the shortened links.

What is Cutt ly used for? › is a URL shortening service and a link management platform that also allows adding branded domains. allows you to track, simplify, and manage your links.

Does Bitly hurt SEO? ›

No. Using Bitly, which is a 301 redirect, does not hurt your SEO.

What info does Bitly track? ›

Using your dedicated Bitly account, you can track the total number of clicks, where they came from, and when they visited.

How do I see what's behind a Bitly link? ›

The trick is to simply add a "+" to the end of any Bitly URL. When you add the "+" the URL will redirect to Bitly instead of to whatever the original URL was. That will then show you the Bitly page on which the shortened URL is hosted and will show you what the original link was.

Why is Bitly blocking my website? ›

To protect you from abuse or harmful content, Bitly will block a link when it is flagged as suspect or known to lead to a malicious page. There are many reasons why we might investigate a link. For example: A Bitly user or a blocklisting service has reported a problem with the destination page.


1. Cloud Security with Carnegie Mellon University and Microsoft Learn
(Microsoft Reactor)
2. Secure Software Development Landscape
(Software Engineering Institute | Carnegie Mellon University)
3. Software Engineering Institute | Carnegie Mellon University Live Stream
(Software Engineering Institute | Carnegie Mellon University)
4. NCF 49 DHS on Critical Infrastructure Cyber Security
(Logic Central)
5. Cyber Security for the Department of Defense w/ David Brumley (ForAllSecure)
(Aaron Watson Business )
6. Zero Trust Journey
(Software Engineering Institute | Carnegie Mellon University)
Top Articles
Latest Posts
Article information

Author: Cheryll Lueilwitz

Last Updated: 09/06/2023

Views: 5472

Rating: 4.3 / 5 (54 voted)

Reviews: 93% of readers found this page helpful

Author information

Name: Cheryll Lueilwitz

Birthday: 1997-12-23

Address: 4653 O'Kon Hill, Lake Juanstad, AR 65469

Phone: +494124489301

Job: Marketing Representative

Hobby: Reading, Ice skating, Foraging, BASE jumping, Hiking, Skateboarding, Kayaking

Introduction: My name is Cheryll Lueilwitz, I am a sparkling, clean, super, lucky, joyous, outstanding, lucky person who loves writing and wants to share my knowledge and understanding with you.