With Goo.gl Shutting Down, Will Attackers Move to Less Transparent URL Shorteners?



Google recently announced it was shutting down Goo.gl, its URL shortener service. Going forward, you’ll find short-link provisioning in Google’s Firebase mobile and web application platform.

So why are we writing about this?

Cofense™ has blogged about attackers using shorteners to mask a phishing link’s destination—typically a link delivering malware or tricking people into giving up credentials on a fraudulent page.

Goo.gl, along with Bit.ly and a few other services, has helped security teams preview the destination of shortened links by adding a + to the end of the short URL. It’s a big help when investigating links for potential malicious activity.

As Goo.gl retires, will attackers move to other platforms that lack this kind of transparency? Attackers who no longer use Goo.gl links anonymously may well seek alternatives. They have plenty of options.

You have options, too. You can check shortened URLs using link expander services. The expanded URL reveals the true destination. This article in Connect (NYU) is a good overview of using expander services: https://wp.nyu.edu/connect/2017/12/12/the-skinny-on-short-links/

And you can always rely on good old common sense. If an email looks weird, report it. Don’t take any chances!

To learn more about attackers using shortener services to camouflage attacks, read this Cofense analysis.

