Know before you click.
Yes. In fact, there are a couple of ways.
But first, let’s talk about links in email and short links (or “shortlinks”) in general.
Become a Patron of Ask Leo! and go ad-free!
A Shortlink's Destination
Shortlinks, as the name implies, are shorter representations of longer URLs that are easier to type and less error-prone. Since they also hide the target URL, they can be misused. Popular services like bit.ly and tinyurl.com have features allowing you to examine a shortlink’s destination without the need to click. There are also services like GetLinkInfo.com that show the target of any shortlink.
Be skeptical of links in email
This is an excellent time to remind you to be extra cautious when clicking links in email.
If the link is obviously spam or you don’t trust where it came from, it’s simple to assume it’s bad, not click on it, and get on with your life.
Sometimes it’s not obvious. Some clues about the email might be:
- Not addressing you by name.
- Having a message that seems out of character for the person sending you the mail, such as a terse “look what I found” type of statement.
- Having no text at all, just a link.
- Having a name you recognize in the From: field, but (if displayed) a corresponding email address that is clearly wrong, or one you’ve never seen before.
All of these are possible clues that the email isn’t what it claims to be and that all links should be avoided. They could lead to scams, malware, phishing attempts, and more.
Shortlinks
URLs, or Uniform Resource Locators, are those strings beginning with http: or https:. They tell a web browser the website or page you want to view.
Sometimes URLs can be quite long. For example, here’s a URL for a Google map of Microsoft’s location in Redmond:
The problem with long links is they often break when they’re wrapped to fit a particular line length, window, or screen size, particularly when sent in email. And of course, they’re almost impossible to remember or type correctly if you need to for some reason. They’re also often too long for length-limited situations like Twitter.
Enter “shortlink” services. They allow you to create short, manageable URLs redirecting to longer ones. For example:
https://go.askleo.com/msredmond
This is a shortlink (using my own service) taking you to the longer URL listed above. It’s easier to type, easier to remember, and not prone to break in email programs and elsewhere.
There are many link shortening services; examples include TinyURL and Bit.ly.
The problem with a short URL is it’s not obvious where it’ll take you until you click. They’re often also referred to as “cloaking links” because they hide, or cloak, the final destination.
Typically, the only way to find out where this link goes is to click on it: https://go.askleo.com/mystery. That one’s safe, but there’s no way to know for sure — perhaps until it’s too late.
If you have reason to be concerned, suspicious, or skeptical about a link, it’s not unreasonable to want to know where it goes before you click.
Determining a shortlink’s destination
Some services have preview features. For example, if you visit tinyurl.com/preview.php, TinyURL will let you turn on a cookie-based feature in your browser. With this feature on, every time you click on a TinyURL link you will be shown where it goes prior to going there.
Bit.ly includes something similar. Simply add a plus sign to the end of the URL, and Bit.ly will display where you would have gone rather than taking you there. If you’re given the shortlink https://bit.ly/3gAa7d9, then add a plus sign and go to https://bit.ly/3gAa7d9+ for a page with the true destination of the link.
There are also sites to show you where any shortened link will take you. One current1 example is GetLinkInfo.com. If you enter https://go.askleo.com/mystery into GetLinkInfo.com, you’ll see the eventual target URL you would be taken to if you clicked on the link.
The bottom line, really, is to stay away from mysterious links sent to you through spam. But when you receive a shortened link from a trusted source and you aren’t sure why, investigate with these preview tools.
Addendum: it’s more than shortening
You might notice that, for example, my link to GetLinkInfo.com runs through my own link shortener: https://go.askleo.com/getlinkinfo, actually making it longer. I use my own shortener for two additional purposes:
- If the destination ever changes, I can update the shortener with the new URL. I do this often with technical and other articles I link to, since some sites (looking at you, Microsoft) often change where pages are located. With a single change to the shortener, all the places I’ve used the shortlink now go to the correct updated URL.
- I can track how many times the link is clicked. This can be valuable to see how much interest a particular topic might have to my readers.
When it comes to spam, however, this is yet another case of valuable technology — link shortening — being used for purposes other than what was originally intended.
Shortlinks aren’t bad in and of themselves, but they can be abused, and thus often warrant a little extra caution.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Podcast audio
Footnotes & References
1: Unfortunately, these services come and go.
I don’t do a lot of tweeting or whatever else might require the use of link shortening (I’m still an old-school emailer and haven’t taken to FB yet). I’ve wondered about this, because like the original poster, I too hover over links to see where they’re really taking me. I didn’t know about the previews OR the “longurl.org” location. Once again Leo, you’ve enlightened this middle-aged IT guy who just hadn’t “dug in” to this issue. Now I know!
Thanks Leo!
I’ve always taken the position that if you send me a shortened link, I will ignore it., because I have always had the policy of knowing where I’m going and trusting where I’m going before going there. It’s nice to know that there is a way around that.
Although I still don’t understand the point of link shorteners. They are just random characters, so no one will remember the shortened link, which means that the link is just going to be forwarded around and people are going to click on it (as opposed to actually typing it in). So does it really matter how long a URL is if people are just going to forward the link and click on the link?
URL shorteners are useful for a few things. A couple of examples: Twitter limits a tweet to 140 characters, and shortening a URL makes it possible to Tweet long URLs, and some email programs also do funny things with long URLs.
Sometimes a longer link will span two (or more) lines in an e.mail message, and some e.mail systems will insert a line break that “fractures” the URL at the line break, rendering it unusable. Another reason for a URL shortener.
A fundamental question: How can a user even identify/recognize a shortened URL in the first place? Thanks…
Typically they are from specific services that you’ll learn to recognize over time (bit.ly, goo.gl, tinyurl.com and others) and/or they end without a file extension (no .html, no .jpg, no nothing), just a a bit of text. Oh, and they’re short. :-)
It’s over 3 though but ok case someone passed by to read it ..
The statement :
“They end without a file extension . No HTML . No jpg. No nothing )
Might not be a key point now. Since web developers are encouraged to hide file extensions in URLs.
Why ?
Because the user don’t care whether u developed your site in php , node , js, HTML . Or whatever …
longurl.org must not work anymore. I couldn’t access it using Chrome or Firefox.
Adding a plus + symbol after a short URL generated by goo.gl (Google’s url shortener) lets you view a webpage with information about the short URL including a preview of the longer URL. If the longer URL isn’t totally visible, hover over it and look at the bottom left corner to see the entire URL.
One question that comes up now is, will a URL still break in an email or other application? I’d be surprised if they still did. Now, shortened URLs are mainly useful for Twitter where a URL can exceed the character limit for a Tweet, or simply to create less clutter.
They do still break. Regularly.
Not all broken URL’s are broken due to wrapping. We use Outlook 2010 in our office and I have an example of a “one-off” that caught a user in my office. As you know, copy/pasting a URL from a working web page into an Outlook email body, Outlook will generate the hyperlink automatically, in that the displayed text and the hyperlink to a URL are identical. This particular instance, a sales rep in our office was trying to send a link for our website to one of her clients. Copy/pasting it into an Outlook email, the very last character of the URL was being ignored (I don’t recall exactly what the character was, this was a few years ago) so the auto hyperlink that was created was a broken link. I caught it because I’m the IT guy here but the average user wouldn’t have noticed it. Had she copy/pasted into a tinyurl, the link would have worked.
Most of the time when only one character is truncated from the URL, it’s probably due to an error in highlighting the whole URL.
This was helpul and I used the first site you posted already to check out an url. The first one works! Thanks!
Hi all,
One technique I find very helpful: If I get a suspicious link that reads something like https://go.askleo.com/mystery, if I don’t want to reject it outright, what I would do is copy https://go.askleo.com into my browser and see where it takes me. If it seems legitimate, I’d feel free to click on the link in the email.
Norm
This whole discussion could be about QR codes. Nobody knows what they contain to either.
Leo,
Sorry to say this is not one of your clearest “guides”.
I guess I spent 20 mins trying to absorb what is in essence is very simple.
The quickest & most convenient solution is much less obvious, & you do not make much effort to recommend or rate what offerings you spread through the post.
I eventually added the Chrome extension.
As it happens it now just fits on what I believe is called the bookmarks bar.
This does shorten links but I can’t see how it conveniently shows me where a short link will go.
Honestly I am playing around rather than following something you have carefully researched – you did didn’t you?
Leo I think it is time to update what is spam.
You say it might be spam if not addresses directly to you by name.
Well that is well gone for me at least.
I have always been very suspicious of joining online newsletter groups or entering an online prize draw because those are classic harvesting machines for real live IDs & email addresses.
I will use shortened versions or misspelled versions of my name or nickname to see how long it takes for it to come back to me as spam. It’s an interesting little distraction to see who is not acting in accordance with the rules for private & personal information legitimately provided on the internet.
However, recently my real name began appearing in horrendous spam, I’m talking the whole kit & caboodle of porn spam.
What can I do? Change my name? Change my every detail? They have me now.
Someone whom I decided was trustworthy, gave away(sold) my real details without a care in the world to know where those details were going to.
If I could find a trail I would follow it to nail the company that sold my real details. There aren’t many of them because I don’t trust most companies but one imagines they can trust their bank or their local council office where they pay their municipal rates & taxes.
Some such ‘mob’ has not played by the rules for the preservation of private & personal information.
So just because an email is addressed to you by name does not make it a real email.
There is really no way to figure out how you got on various spam lists. Leo has a lot of other articles about spam that you may find intersting: https://askleo.com/how_do_i_stop_all_this_spam/
You need a disposable email generator, such as 33 Mail, Blur or Not Sharing My Info. Never give a “real” email address to someone you don’t know and trust. Create a new address for each entity or website out there which asks for your email. This way, if it’s abused, you can kill it with no remorse.
I use http://redirectdetective.com/ it traces and shows you the full path to the shortened URL
I got to this article from a link from AskLeo on Facebook. I found it interesting that this Facebook link was also a… shortened URL, leading to this article that explained to be cautious with shortened URLs… :-) https://go.askleo.com/b/10356
Ironic, indeed. :-) But hopefully the domain “go.askleo.com” is a somewhat trustworthy clue.
I use a url unshortener tool called https://linkunshorten.com/. It shows if the final destination URL is malicious and shows a screenshot preview before you navigate to the link.