Short links are one of the most common attack tools. There is nothing easier than to disguise a malicious website or a link to download malware using a link shortener, such as Bitly.
In this article, I want to offer my recommendations for checking and securely opening short links.
First of all, check where the hidden link leads. The site unshorten.it will help you with this. Its functionality is extremely simple, as it allows you to find out where the short link leads without opening it.
Remember that such services can log and save data, including end links with valuable information for you.
After receiving the final link, check it out on the VirusTotal website. I recommend that you put VirusTotal in the form of browser extensions for easy verification of suspicious sites in the future.
Unfortunately, this is not always an effective solution. Sometimes attackers make an intermediate harmless site that is hidden by a short link. In this case, the check will show that the site does not pose any threat, but after opening it in the browser you will be redirected to the final malicious site.
Even VirusTotal itself often cannot recognize the threat, therefore, if there is suspicion, run the site in a virtual environment or sandbox. If you have not set up a virtual environment as a temporary solution for browsing websites, you can use the Browserling.com service. But I strongly recommend not opening pages containing private information there, since all your actions and the data transferred can be collected and saved.
Do not forget that some short link services collect statistics about the users who opened them. Usually this is general statistics, less often it is geolocation data, but there are services that allow the link creator to get even the IP addresses of the ones who followed it.