Recent Uptick in Phishing Messages Using URL Shorteners

There has been a recent uptick in phishing email campaigns using popular URL shortening services such as bit.ly, ow.ly, goo.gl, and t.co to embed malicious links in email messages. This is a common ploy used by scammers, as shortened URLs mask the true link destination.

Further, these phishing messages often appear to come from a familiar entity, such as your bank, and the embedded links, if clicked, often take users to sites which appear to be legitimate and require the input of login credentials. Once login credentials are entered in the spoofed site, they are stolen/compromised and users are redirected to the legitimate site.

If you believe you have fallen victim to this type of scam, you should change your password on the affected account as soon as possible and apprise the business/entity of any fraudulent activity. To safeguard yourself from these types of phishing attacks, it is recommended that you never enter login credentials via embedded links in unsolicited emails. If in doubt about the legitimacy of a message, contact the sender/entity at a trusted phone number. An additional tip is to view the browser address bar and look for signs of a legitimate/secure site, which may include a locked padlock preceding the business/entity name and “https://”.

Image from a browser address bar showing a locked green padlock preceding JPMorgan Chase and Co., providing an example of what was detailed in the preceding paragraph

Image from a browser address bar showing https:// followed by www.chase.com, providing an example of what was detailed in the preceding paragraph.

Shortened URLs can be easily checked or expanded using link expander services. The expanded URL is the true destination URL. For more information on using link expanders, please see the following Connect Article: https://wp.nyu.edu/connect/2017/12/12/the-skinny-on-short-links/
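What a link expander does, sketched as an added example (not code from this post or the linked article): it finds links on the shortener services named above, follows each redirect with a HEAD request so the destination page is never loaded, and checks whether the final host really belongs to the expected domain. The function names, the sample message, and the redirect table are constructed for illustration.

```python
import http.client
import re
from urllib.parse import urljoin, urlsplit

SHORTENERS = {"bit.ly", "ow.ly", "goo.gl", "t.co"}  # services named in the post
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def find_short_links(text):
    """Return the URLs in text whose host is one of the known shorteners."""
    urls = (u.rstrip(".,;") for u in URL_RE.findall(text))
    return [u for u in urls if host_of(u) in SHORTENERS]

def http_lookup(url):
    """Send one HEAD request; return the redirect target, or None if there is none."""
    p = urlsplit(url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.hostname, p.port, timeout=5)
    try:
        conn.request("HEAD", (p.path or "/") + ("?" + p.query if p.query else ""))
        resp = conn.getresponse()
        loc = resp.getheader("Location")
        return urljoin(url, loc) if 300 <= resp.status < 400 and loc else None
    finally:
        conn.close()

def expand(url, lookup=http_lookup, max_hops=5):
    """Follow redirects hop by hop (page body is never fetched); return the chain."""
    chain = [url]
    while len(chain) <= max_hops:
        nxt = lookup(chain[-1])
        if nxt is None or nxt in chain:  # end of chain, or a redirect loop
            break
        chain.append(nxt)
    return chain

def is_on_domain(url, trusted):
    """True only if the URL's host is the trusted domain or a subdomain of it."""
    host = host_of(url)
    return host == trusted or host.endswith("." + trusted)

# Constructed sample data: message text and an offline redirect table.
SAMPLE_EMAIL = "Your account is locked. Verify at https://bit.ly/EXAMPLE1. Help: https://www.chase.com/help"
REDIRECTS = {"https://bit.ly/EXAMPLE1": "http://ow.ly/EXAMPLE2",
             "http://ow.ly/EXAMPLE2": "https://www.chase.com.example.net/login"}

if __name__ == "__main__":
    for link in find_short_links(SAMPLE_EMAIL):
        final = expand(link, REDIRECTS.get)[-1]
        print(link, "->", final, "| on chase.com:", is_on_domain(final, "chase.com"))
```

The constructed destination contains "www.chase.com" in its host name but sits on a different registered domain, which is why the check compares the end of the host rather than searching for the brand name anywhere in the URL.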

Related post: https://wp.nyu.edu/itsecurity/2018/01/12/phishing-campaigns-crafted-to-steal-login-credentials/