No, you’re not confused. If you came here from a TechCrunch or Wall Street Journal link, you were duped on purpose. No harm intended. Just a dose of reality to the real world of short URL services. Keep reading for the details.
The purpose of this post is to serve as a major wake-up call for short-URL users who are subject to link phishing – the ability to slightly modify a link to give a false sense of trust to your visitors. Confused? Here is an example:
This is a link to the blog post you’re reading: http://bit.ly/dgbhjM
Here are a few branded sample links from various major news organizations that use Bit.ly Pro:
- Techcrunch: http://tcrn.ch/dgbhjM
- Wall Street Journal: http://on.wsj.com/dgbhjM
- MarketWatch: http://on.mktw.net/dgbhjM
- StockTwits: http://stk.ly/dgbhjM
- TheOnion: http://onion.com/dgbhjM
Make sense? If you saw one of these links on Twitter, Facebook, or a blog, wouldn’t you believe it was real?
This is one of the primary reasons why our customers continue to invest into our Ez.com and BudURL Enterprise platforms. They were designed from day one for business, with the tools, security, and integration that businesses need. Our customers are global social media powerhouses, international brands, and smart marketers who take this seriously. I wish everyone did the same. Link phishing has been around for years, but some short URL services make it even easier. When you’re looking for a short URL service for your business, consider these five key criteria:
- Use a service that lets you use your own domain (improved branding and no chance of phishing)
- Require that the service prohibit link phishing (like the examples above)
- Your statistics should be real-time and protected so that your data is your own. (if you want to see the link traffic for any bit.ly URL, just add a “+” to the end, like this: http://bit.ly/dgbhjM+ ~ note: you really want to hide this data or your competitors can watch the success of every campaign)
- Unique vanity links (the part after the slash “/”) so you can have reign over your links
- Multiple users so everyone in your company or department can have their own account
If you’re not sure which services have all of these features, take a look at ours (Ez.com & BudURL Enterprise). You’ll be in the company of the global brands you use and trust every day. If you’re still not sure, drop us a line.
{ 2 comments… read them below or add one }
Fantastic demonstration to how easy it is to get duped!
Hi guys.
Just saw this article. We agree with the dangers of phishing associated with insecure shortened links.
We instituted restricted hashes for branded shortened URLs from day one. The default behavior for all free bit.ly Pro and premium bit.ly Enterprise accounts is to restrict the hash, ie. only hashes created by the user associated with the custom short domain are valid. All unintended/insecure hashes and phishing attempts will come up as 404s.
Best,
Greg Battle
========
Team bit.ly