A URL (Uniform Resource Locator) is an address for a given unique resource on the World Wide Web. URLs makes it possible for internet-connected devices to locate and open web pages on the Internet. Institution websites, ecommerce platforms, social media networks etc. all use URLs to direct stakeholders to their web pages, an example would be https://www.cyber.gov.rw, the URL of the NCSA website.

While URLs are clear in their destination, malicious actors will leverage shortened URL links to infect people’s devices with malware. As the full URL is not revealed, it is easy for cybercriminals to hide dangerous content behind the bait of a short link.

Friends and family can unknowingly pass on unsafe links through email, social media posts and instant messages. In order to protect yourself, adopt best practices that allow you to check the safety of any shortened link before you click it.

1. Hover over the link

Use your mouse cursor to hover over a link and see the full URL of the link’s destination in the lower corner of your browser. For MAC users, to enable this tool, go to View and then select Show Status Bar. The URL-peeking status bar should now appear at the bottom left of the window any time you hover over a hyperlink on the web page.

As an example:

Hover over the links below to see that both these links connect to NCSA’s homepage, you would not have been able to know that without hovering.

short.ly

bit.link

It is important to bear in mind that this best practice should not be considered as 100% reliable as malicious actors can write code that dynamically changes the destination of a link just as it is clicked. It is best to combine this best practice with other techniques for the safest results.

2. Copy and paste the link into your browser URL address

In addition to hovering over the link to display full URLs in the corner of your browser, right click on a link you are uncertain of, click on ‘copy link address’ (or your browser’s equivalent). Then right click on your browser’s URL address bar and click paste.

This practice allows you to see the true target or destination of the shortened link. It is important here to not click ‘past and go’, as the aim is to display the true target destination that you would not have seen through the shortened link, not to visit the site before it is verified as safe.

3. Use a URL checker

URL checkers are tools that scan shortened links to see if they redirect to fraudulent or malicious sites. Some examples of URL checkers that can be used are:

• Virus Total https://www.virustotal.com

• URL Void https://www.urlvoid.com/

A simple google search can provide you with various options to choose from, where you can then find your choice of preferred URL or safe link checker.

4. Preview shortened links

Some of the more popular link shortening services allow you to see a preview of the link destination through their website by adding certain characters to the shortened links in your browser URL address bar.

Type the shortened URL in the address bar of your web browser and add the characters outlined below for these two examples to see a preview of the full URL:

• tinyurl.com

Between the "https://" and the "tinyurl," type ‘preview.’ and hit enter.

Example: https://tinyurl.com/4wkmhpzt becomes https://preview.tinyurl.com/4wkmhpzt to view a preview of the true link destination.

• bit.ly.com

At the end of the URL, type a + and hit enter.

Example: https://bit.ly/3usWaUa becomes https://bit.ly/3usWaUa+ to view a preview of the true link destination.