Spammers and phishing scams are increasingly turning to url shorteners like Bit.ly, goo.gl, owl.ly etc to mask the dodgy links they send out in emails, text messages and social media posts. Some of these messages are quite convincing and the unsuspecting public can easily click on a shortened URL and get taken to a phishing, malware, or spam site. A recent check showed that over 2500 people had clicked a link to a phishing site that had been shortened using bit.ly and sent out by text message pretending to be from HMRC but, in reality, took the unsuspecting user to a phishing site and asked for banking and other personal details.
I always try to report any dodgy shortened links (and the destination URL to Google, etc) so they can be blocked and prevent more people getting caught out by that particular scam… but it can be difficult to find out how & where to report spam & phishing shortened links.
That’s why I’ve put together the list I use when I want to report a dodgy bit.ly, ow.ly, is.gd, goo.gl or other shortened URL link. Some are easy, some require a little more effort but it’s worth reporting phishing links to prevent more people getting caught out.
Goo.gl has a “report spam” link at the bottom of the main page, right where it should be. This links to a simple form where you can report the dodgy shortened URL. You don’t even need to login or anything.
Is.gd also has a “report abuse” link at the bottom of its main page which links to a simple form. It’s not as pretty as Google’s but it works.
Owl.ly is very popular amongst social media pros and it’s run by Hootsuite so you’d expect it to be easy… but it isn’t. If you suspect an owl.ly link is a phishing attempt, and if you can find the link, you can report it on Hootsuite’s security page using the drop-down at the top of the page.
Bit.ly offers a lot of analytics data so it’s quite popular too. Simply by putting a + after the shortened URL you can see how many clicks it has had. You can report spam links to firstname.lastname@example.org to get them blocked. Just include the word ‘spam’ in the message, the link and a very brief bit of information about what it is and how you received it. An older post in their support forums used to say to send report dodgy links to email@example.com but that now appears to be out of date now.
Twitter shortens URLs in tweets for you, which is nice, but it’s much harder to report phishing or spam links shortened using Twitter’s t.co url shortener. To report a spam t.co link, you have to report the specific tweet… which can be very difficult to find. There is no direct link on t.co page and the closest you can find to a way to report phishing or spam links is on Twitter’s support pages
Twitter’s slack attitude to phishing and spam on its t.co URL shortener makes it quite attractive to con artists who can get the URLs shortened via twitter, then copy & paste them into an email, text message or social media post, safe in the knowledge that most people will give-up trying to report them before the scam has has a chance to do some damage.
Reporting links to phishing attempts, malware & malicious sites can prevent future attacks, so please help keep the web a safer place and do your bit.