So you’ve received and email and it appears to have been sent from a known and trusted email address that contains a shortened URL. This URL could be from any of the shortening services such as bitly.com tinyurl.com or others.The link you received appears to be unsecured because it starts with “http” rather than “https” so you determine it’s not secure. But you know the sender and wonder if you should follow the link anyway. What can you do to check if the link is secure and legitimate? Well, this exact scenario happened to me today.

Here are two ways you can check that URL before clicking a malicious link:

1. If the link was generated from one of the above shortening services follow these steps:

bit.ly 

1. Right click the link and select copy or highlight the link by clicking and dragging over the link then hold down the CTRL key and tap the C key (this copies the highlighted section).

*CAUTION!* Be careful pasting the URL in your browser and be sure not to hit “ENTER” until you’ve added the + in the next step! 

2. Paste the copied link into your browser address bar adding a plus symbol “+”

Example: https://bit.ly/30jQa23+

Then hit the “ENTER” key

3. The result will show the full URL. Now check if the URL is begins with https and if so, you’re good to go. The link is secure.

tinyurl.com

1. Right click the link and select copy or highlight the link by clicking and dragging over the link then hold down the CTRL key and tap the C key (this copies the highlighted section).

*CAUTION!* Be careful pasting the URL in your browser and be sure not to hit “ENTER” until you’ve added the “preview.” in the next step! 

2. Paste the copied link into your browser address bar but insert “preview.” between http:// and the copied URL.

Example:  http://preview.tinyurl.com/ycquq7t6 

Then hit the “ENTER” key.

3. The result will show the full URL. Now check if the URL is begins with https and if so, you’re good to go. The link is secure.
4. There are several web applications that offer link checking services for free. Simply copy and paste the link into the box made available when you go to one of the following sites:

getlinkinfo.com

unshorten.it

urlxray.com

In conclusion, clicking unfamiliar links is always risky. Bad actors embed malware including ransomware in URLs and send them to unsuspecting recipients to extort or otherwise exploit their victims. You should always check links that are not secure or that are unfamiliar or unexpectedly sent to you.