Shortened URLs, such as those from bit.ly and goo.gl, make it easy to type in a web address quickly but hard to tell where your web browser will actually take you.
- Before clicking a shortened URL, check for the full URL. Most URL shorteners—including those used at U-M—include a preview feature. If you aren't sure it is safe, don't click!
- Before creating or sharing a shortened URL, consider alternatives. If you must use one, make clear where it goes.
- Be aware that criminals use shortened URLs to direct people to phishing sites and initiate malware downloads.
Before You Click, Reveal Full URLs
There are a number of ways you can reveal the full URL behind a shortened URL:
- Use the shortening service preview feature. Type the shortened URL in the address bar of your web browser and add the characters described below to see a preview of the full URL:
- tinyurl.com. Between the "http://" and the "tinyurl," type preview.
Example: http://preview.tinyurl.com/zn7xnzu - bit.ly. At the end of the URL, type a +.
Example: http://bit.ly/2lgPesi+ - goo.gl. At the end of the URL, type a +.
Example: https://goo.gl/vLfoaW+
- tinyurl.com. Between the "http://" and the "tinyurl," type preview.
- Use a URL checker. These are just a few of the sites that let you enter a short URL and then see the full URL:
Shortened URLs at U-M
A number of university units use URL shorteners for official university use. You can trust these.
- myumi.ch/
URLs that begin with myumi.ch/ are created with a URL shortener maintained by the U-M Office of the Vice President for Communications and used primarily by UMSocial and other official U-M social media accounts. Departments interested in obtaining shortened U-M URLs or access to the tool for social media or print use can contact [email protected].
Preview the full URL by adding + to the end. Example: myumi.ch/JW7o2+ - michmed.org/
Michigan Medicine is using shortened URLs that begin with michmed.org/
Preview the full URL by adding + to the end. Examples: michmed.org/duo+ and michmed.org/airwatch-about+ - umicheng.in/
The College of Engineering is using shortened URLs that begin with umicheng.in/
Preview the full URL by adding + to the end. Example: umicheng.in/EngineeringPod+. - umsi.info/ and umsi.tv/
These shortened URLs are used by the School of Information. Examples: umsi.info/bsi and umsi.tv/infominute
Before You Shorten a URL, Consider Alternatives
Some people will be suspicious—and rightly so—if you use shortened URLs in email or in your online or print materials. In general, do what you can to make it clear to people where they will go if they click or type the URL you provide.
- Use descriptive link text with the full URL. In emails and on web pages, it is best to use descriptive link text with the full URL behind it. That lets people know where they will go if they click; they can hover over the link with their mouse to see the full URL. It is also a recommended best practice for accessibility, because it provides people who use screen readers with clear, complete information.
Example: Visit Safe Computing for information about IT security and privacy at U-M. - Don't use a shortened URL if people must log in. If you are directing people to a page that requires login, let them see the full URL and tell them login will be required.
Example: Access your AFS home directory at mfile.umich.edu (U-M login required). - Be clear about the destination when you must use short URLs. On social media platforms, such as Twitter, you may need to use a shortened URL to stay within a character limit. It is helpful to let people know where the short URL will take them.
Example: Learn how to protect yourself from tax fraud at U-M Safe Computing. myumi.ch/Jdn1x
How Criminals Use Shortened URLs
Criminals use shortened URLs to:
- Direct people to phishing websites—sites that ask you to log in or fill in a form and then steal your password and/or personal information. Always Look Before You Log In.
- Initiate download of malicious software, such as ransomware, to your device.
If you are suspicious of a shortened URL, don't click it.