The options for creating a short URL from a much longer one is quickly changing with both Google and Facebook getting into the link shortening business. We all agree that a shortened URL is easier to send via e-mail, and they are almost a requirement for Twitter’s 140-character limitation. What you need to understand first is that they also introduce security risks.
There are two main problems with link shortening services.
- They make it easier for attackers to distribute spam and phishing attacks because the actual destination URL is not displayed until you click on the link.
- Because link shortening is frequently used with social networking services like Facebook and Twitter, there is an inherent trust that the link will be legitimate.
Normally a user can review a link to make a decision if they want to go to the target URL, however the TinyURL alias tells you nothing about the destination and could lead you to a malicious Web site. Attackers can also circumvent many security controls by using URL shortening services. The URL shortening domains are usually trusted by default by firewalls, corporate web filters, and spam blocking utilities which makes it even more difficult to identify and block links that lead to malicious destinations.
While URL shortening is a useful and convenient service that is here to stay, you need to make sure you exercise some common sense and cautious skepticism to avoid being exploited.
You can read more here.