You get an SMS suggesting you’ve apparently won money, and it comes with what looks like a real link. A bit.ly link. How can you prove it’s a scam?
Scammers are getting smarter, and that’s bad news. You probably know how to check the domain in an email or SMS for signs of a dodgy link, but now scammers are turning to well-known services to hide dodgy links and convince us of their legitimacy.
Or in other words, scammers are trying to tell you that their scam isn’t a scam.
To do this, scammers are turning to short link generators like Bitly (bit.ly), one of the more popular web services used to cut down the size of URLs and make them easier to share. But that’s not all a Bitly link can do.
Short link generators like bit.ly can also hide what the actual website is on the surface, meaning they’re not only shortened, they’re also hidden. Hiding a website link is problematic because it makes it just that much more convincing, and can lead to a phishing attempt. Many companies use Bitly links for their own needs, and if a company you know and trust uses Bitly for its own links, you’re more likely to believe that it’s not a scam.
But while bit.ly links do a good job of hiding, they can also be unhidden, and the game of hide and seek can be ended by unmasking a Bitly link.
How to unmask a Bitly link
Bitly links typically hide or mask an original link with http://bit.ly/ followed by a random sequence of letters and numbers, but it doesn’t always have to be quite so random. The letters and numbers can be intentional, and they can also be tracked, which is what makes a Bitly link more useful than just a URL shortener.
However, you can unmask any bit.ly link by adding a plus sign to the end of the URL, and even find out how many clicks it has received.
An example of this is what appeared from a Pickr reader’s messages, with a scam suggesting they visit the link of http://bitly.com/PaYY. This link shouldn’t be clicked on, but it can be unmasked by adding + to the URL. It means if you add the +, you’ll find https://bitly.com/PaYY+ will not only show where the link actually goes to, but also how many people have clicked on the link thus far.
So far, hundreds of people have clicked on the link, which could mean the scammer is getting through to potential victims. You can even see how many people have been affected internationally, with Australia the primary focus. As to whether the scammer is making money out of the link, that’s something we can’t say for certain, however every link lands someone closer to being called a victim.
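As an added example (not code from Pickr or Bitly), the Python below pulls Bitly links out of a message and builds the "+" preview address described above, so the short link itself never has to be opened. The function names are made up for illustration, and only the bit.ly and bitly.com hosts mentioned in this article are handled.

```python
import re
from urllib.parse import urlsplit

# Hosts taken from the article; other shorteners are out of scope here.
BITLY_HOSTS = {"bit.ly", "bitly.com"}

# Loose URL matcher for SMS text: optional scheme, dotted host, then a path.
_URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}/[^\s\"'<>]+",
                     re.IGNORECASE)


def preview_url(link):
    """Return the Bitly '+' preview URL for a short link, or None if not Bitly."""
    if "://" not in link:
        link = "http://" + link
    parts = urlsplit(link)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    # Exact host match, so lookalikes such as bit.ly.example.com are rejected.
    if host not in BITLY_HOSTS:
        return None
    # Drop punctuation the sentence glued onto the link, and any existing '+'.
    code = parts.path.strip("/").rstrip(".,;:!?)+")
    if not re.fullmatch(r"[A-Za-z0-9_-]+", code):
        return None
    return f"https://{host}/{code}+"


def find_previews(message):
    """Map each Bitly short link found in a message to its preview URL."""
    found = {}
    for match in _URL_RE.finditer(message):
        raw = match.group(0)
        url = preview_url(raw)
        if url:
            found[raw] = url
    return found


# The scam text quoted in this article (the number is already masked there).
SMS = ('Your :Winner ID: 04XXXXXXXX won 6.500.000M Pounds in Donating Pro. '
       'To claim goto http://bit.ly/PaYY, click CLAIM enter your Winning Red#: AG7414DQ')

if __name__ == "__main__":
    for raw, url in find_previews(SMS).items():
        print(f"{raw!r} -> open {url} instead")
```

The trailing comma from the SMS sentence is stripped before the plus sign is added, which is the step most easily missed when doing this by hand.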
More than just a link
The scam doesn’t just rely on the idea of winning money to convince people to click. It also includes a phone number to suggest the message was intentional.
We’ve blurred the number out and replaced it with “04XXXXXXXX”, but the message says:
"Your :Winner ID: 04XXXXXXXX won 6.500.000M Pounds in Donating Pro. To claim goto http://bit.ly/PaYY, click CLAIM enter your Winning Red#: AG7414DQ"
Prize scams are often outlandish, and this one is no different, attempting to win a click by offering a large sum of money.
There’s also the matter of the phone number, because while the phone number it was addressing is real, phone numbers are easily acquired through leaked or sold databases, and even phone number generators.
But the information inside is a lie, or more specifically, it’s a scam.
There is no money here, sadly, only the money a scammer intends to take from you, and so if you get a message like this, delete it immediately.