How to Test a Suspicious Link Without Clicking it

The Dangers of Short Links

They're known as short links, shortened URLs, and Tiny URLs. Whatever you call them, their purpose is the same. Link shortening services such as BitlyTinyURL, and over 200 others, allow users to take a link that might be too long to post within the confines of a twitter post and generate a shorter link that redirects to the longer URL that the user wants to post.

Here's an example of what a link shortening service does:

You could take a long link such as:
http://netsecurity.about.com/od/newsandeditorial1/a/Facebook-Security-5-Things-You-Should-Never-Post-On-Facebook.htm

and use a link shortening service to make it into a nice short link that looks like this:

http://tinyurl.com/82w7hgf

Not only does the link not look anything like the original, it completely obscures the intended link destination. There is no way by looking at the short link that you can tell what the intended target link is. All you see in the short link is the link shortening service site name followed by a string of seemingly random numbers and letters.

Why is this a bad thing? If I was an Internet-based bad guy and wanted to trick you into visiting a link that would install malware on your computer, you would be more likely to fall for clicking http://tinyurl.com/82w7hgf then you would be for visiting http://badguysite.123.this.is.a nasty.virus.and.will.infect.your.computer.exe.

The tiny URL doesn't have anything in it that would tip you off to the fact that it is a malware link

Bad guys love using link shortening services to hide their malware links. Using link shortening to post malware and phishing links on social media sites is a very popular way to reach a wide audience of people who often click on things impulsively.

How can you tell where the destination of a short link leads without clicking on it first?

Before you click on that random short link you saw on Facebook, Twitter, or elsewhere, you should use a link expansion service to inspect it so you can decide whether its destination is somewhere you really want to go.

Fortunately, there are a couple of sites and tools that can help you learn where the hidden path of most any short link leads without having to visit it.

ChecShortURL is a link expansion service that lets you input a short link, such as the example above, and see what the destination link is, without you having to visit it. You simply copy the link you want to check out, go to the CheckShortURLcom site, paste the shortened link into the search field, and it will show you the intended destination of the short link.

LongURL is another link expander / extractor that is simple to use. In addition to the LongURL website that allows for link expansion, LongURL also features a LongURL Mobile Expander Firefox Browser extension that allows you to hover your mouse over a shortened link which then shows a pop-up tool tip that displays the true destination of the short link. This saves you the hassle of having to visit LongURL's website every time you want to inspect a link.

Short URLs aren't going away anytime soon. They make sense for when you are trying to stay within the character limits of Twitter posts and they are just plain handy when you have some massive link that you are trying to read someone over the phone or in similar situations. Hopefully, in the near future we will see more browser integration for link preview expansion and maybe someday we will see destination link scanning, where the destination link is compared to a list of known bad URLs so we can be warned before we make the leap of faith to visit an unknown site.


How to Test a Suspicious Link Without Clicking it

Do you have click anxiety? It's that feeling you get right before you click a link that looks a little fishy. You think to yourself, am I going to get a virus by clicking this? Sometimes you click it, sometimes you don't.

Are there any warning signs that might tip you off that a link might infect your computer or send you to a phishing site?

We're going to help you learn to spot malicious links and show you some tools you can use to test a link's safety without actually visiting it.

Here Are Some Warning Signs of Possible Malware Links:

The Link is a Shortened Link

Link shortening services such as bitly and others are popular choices for anyone trying to fit a link into the confines of a Twitter post. Unfortunately, link shortening is also a method used by malware distributors and phishers to conceal the true destinations of their links.

Obviously, if a link is shortened, you can't tell whether it's bad or good just by looking at it, but there are tools to allow you to view the true destination of a short link without actually clicking it. Check out our article on the Dangers of Short Links for details on how to view a short link's destination.

The Link Came to You in an Unsolicited Email

If you received an unsolicited email that is supposedly from your bank asking you to "verify your information" then you are probably the target of a phishing attack.

Even if the link to your bank in the email looks legitimate, you shouldn't click it as it could be a phishing link in disguise.

ALWAYS go to your bank's website by entering their address directly into your browser or via a bookmark you made yourself. Never trust links in e-mails, text messages, pop-ups, etc.

The Link Has a Bunch of Strange Characters in it

Oftentimes, hackers and malware distributors will try to conceal the destination of malware or phishing sites by using what is known as URL encoding.

For example, the letter "A" that has been URL-encoded would translate to "%41".

Using encoding, hackers and malware distributors can mask destinations, commands, and other nasty stuff within a link so that you can't read it (unless you have a URL decoding tool or translation table handy). Bottom line: if you see a bunch of "%" symbols in the URL, beware.

How to Check a Suspicious Link Without Clicking it

Ok, so we've shown you how to spot a link that might be suspicious, but how can you check out a link to find out if it's dangerous without actually clicking it?

Expand Shortened Links

You can expand a short link by using a service such as CheckShortURL or by loading a browser plug-in that will show you a short link's destination by right-clicking the short link. Some link expander sites will go the extra mile and will let you know if the link is on a list of known "bad sites".

Scan the Link with a Link Scanner

There are a host of tools available to check the safety of a link before actually clicking on it to visit the site. Norton SafeWebURLVoidScanURL, and others offer varying degrees of link safety checking.

Enable the “Real-time” or “Active” scanning option on your antimalware software

In order for you to have the best chances of detecting malware before it infects your computer, you should take advantage of any “active” or “real-time” scanning options provided by your antimalware software.

It may use more system resources to enable this option, but it’s better to catch malware while it’s trying to enter your system rather than after your computer has already been infected.

Keep Your Antimalware / Antivirus Software up to Date

If your antimalware / antivirus software doesn’t have the latest virus definitions, it’s not going to be able to catch the latest threats in the wild that might infect your machine. Make sure your software is set to auto update on a regular basis and check the date of its last update to ensure that updates are actually taking place.

Consider Adding a Second Opinion Malware Scanner

A second opinion malware scanner can offer a second line of defense should your primary antivirus fail to detect a threat (this happens more often than you would think).

There are some excellent second opinion scanners available such as MalwareBytes and Hitman Pro. Check out our article on Second Opinion Malware Scanners for more information.

Link Expander & Decrypter 

Link: http://www.linkexpander.com/

API: Request - Requests are sent to the API endpoint with the arguments using GET. 

Response - The expanded Url is sent as response using php echo function. 

Eg. 
Request - http://www.linkexpander.com/?url=http://goo.gl/tzLLGm 
Response - http://www.linkexpander.com 
http://goo.gl/tzLLGm Redirects to http://www.linkexpander.com

CheckShortURL

Type directly on website (PHP script) or call HttpRequest

GetLinkInfo
Link: http://www.getlinkinfo.com/
API: Request http://www.getlinkinfo.com/info?link=<escaped_shortened_url>&x=0&y=0
Example httprespone:
 

Link Information

Title
Wikipedia, the free encyclopedia
Description
(none)
URL
http://tinyurl.com/2unsh  more info Safe
Effective URL
https://en.wikipedia.org/wiki/Main_Page  more info Safe
Redirections
  1. http://tinyurl.com/2unsh  more info Safe
  2. http://en.wikipedia.org/wiki/Main_Page  more info Safe
  3. https://en.wikipedia.org/wiki/Main_Page  more info Safe
External Links
View (142 safe, 0 unsafe)

Comments