You get a text alerting you to that fact that you’ve apparently won money, and it comes with a bit.ly link. How can you prove it’s a scam?
Scammers are getting smarter, and that’s bad news for all of us. After informing readers on how to check a domain in an email and SMS for what should be a dodgy link, scammers are turning to the services everyone else uses in order to convince us of their legitimacy.
Or in other words, scammers are trying to tell you that their scam isn’t a scam because it looks like a real page.
To do this, scammers are turning to short link generators like bit.ly, also known as Bitly, one of the more popular web services to cut down the size of URLs and make them easier to share on social. But that’s not all bit.ly does.
Short link generators like bit.ly can also hide what the actual website is, meaning they’re not only shortened, they’re also hidden from sight. Hiding a website link can be problematic because it makes it just that much more convincing, and if a company you know and trust uses Bitly for its own links already, there’s a chance you’ll believe the Bitly link is real before checking.
It’s a neat trick, and it’s one that will likely ensnare a fair share of victims.
However it’s also one that can be tracked, because even though a Bitly can mask a URL, you can unmask a Bitly URL with another neat little trick.
How to unhide a Bitly link
Bitly links typically hide and mask an original link with http://bit.ly/ followed by a random sequence of letters, but it doesn’t always have to be quite so random. We have one for The Wrap in http://bit.ly/listentothewrap.
However if you see an SMS with a bit.ly link in it, you can unmask it by adding a plus sign to the URL, and even find out how many links it has received.
A Pickr reader recently received a Bitly link in what is clearly an SMS scam, and so we ran that through the service with the unmasking symbol. What was originally written as
http://bitly.com/PaYY can be unmasked by adding +, which means clicking on https://bitly.com/PaYY+ will not only show where the link actually goes, but also how many people have clicked on the link.
At the time this story was written, it means that almost 800 people had clicked on the link since its creation, which means the link is likely getting hit. Most of the people clicking on it appear to be from Australia, though that could change over time.
As to whether the scammer is making money out of the link, that’s something we can’t say for certain, however every link lands someone closer to being called a victim.
It’s unlikely scammers will stop using Bitly to hide their links, though the fact that you can check their legitimacy is helpful. Given this development, however, we can’t imagine scammers will stop using short URL generators like Bitly in their phishing attempts.
Ultimately, if you get a Bitly link sent to your messages and you can’t do the typical “check the domain” thing, check the Bitly link by adding + to the end of the URL, and then look at the domain.
If the domain doesn’t seem right, don’t even think to click on the link. Close the message, delete it, and move on. Don’t give scammers and their dodgy messages any time.
Alternatively, consider Googling what’s in the message and check whether anyone else has reported it. You don’t want to end up the poor person caught out by a scam, and we wouldn’t either.