Posted on February 14, 2022 in Technology

What’s the Deal With All These owl.li Links in Spam Messages???

URL Shorteners

In any world with Twitter, URL shorteners are a crucial part of the internet ecosystem. URL stands for Uniform Resource Locator, and as the name implies, it helps your computer figure out where and how to access the web page you want to get to. Unfortunately, many URLs are too long to reasonably write down or share in a tweet.

You also can’t cut much out of a URL and still have it go where you want it to, so the only other option is to add a step – a shortener, which will take your long URL, shorten it, attach a key to it (the bits after the ‘.com/’ bit), and give you an easier way to access your original URL via redirects. Once your computer tries to visit the TinyURL or BitLy (or any other) link, the site then redirects your computer to the right address using that key as a guide.

The exact phrasing of the shortened link is also indicative of who the link came from. Bit.ly links come from the link-shortening website Bit.ly. TinyURL ones always have TinyURL in them unless you pay for it to be something you pick. Sometimes, URL shorteners come with a service, and you can tell who uses what by what that app shortens the URL to. For example, we use Buffer, so every link we post via Buffer comes out as a Buff.ly link unless we specify otherwise. Twitter and YouTube also have their own link shorteners, but you generally only interact with them when somebody shares a link via the site’s share function instead of copy/pasting directly from the URL bar.

The link shortener I’ve seen most often allegedly comes from Hootsuite, another social media management application. Owl.li is tied to them, alongside owl.ly, ht.li, and ht.ly links. You do need an account to use owl.ly, but owl.ly is the only link shortener mentioned on Hootsuite’s website. Typing in the generic Owl.li currently redirects back to the owl.ly page as well.

Link shorteners are a valuable resource, but they can be misused. If someone sees a fishy link, they’ve probably seen enough PSAs from regulatory bodies to know it’s a bad idea to click. However, shortened links break the pattern – if you google “Bit.ly”, the website, it will just tell you it’s a link shortening website. It doesn’t have dozens of characters after it, something common to spam links, which often want to take you to a hastily made site and auto-download something. Hovering over it, due to the redirect system mentioned above, will again show the user Bitly or TinyURL (or any others) instead of the final destination, the scam website. It hides the true nature of the link behind it.

Why are they using Owl.Li instead of anyone else?

Given enough time, spam tactics stop working. Bit.Ly links were so often a problem that people stopped trusting them, which meant bad things for Bit.Ly the company. A secondary side effect of link shortening is that you can brand your link to give it some legitimacy, which increases clickthrough rates compared with the generic link it was before.

Simultaneously, companies like Google and Outlook often offer automatic spam filtering, and if enough links get reported, companies with spam filters begin to remove those links by default, rendering them useless for everybody, not just the scammers using them inappropriately. Visiting the support page for Rebrandly, a company that offers social media services, shows ‘blacklisted’ URLs that those big tech companies are not allowing in cold emails.

In this list, you see weird ones – but you also see Bitly and TinyURL. Other, more established link shorteners have gone through the same thing. Owl.li is just next in line, and it happened to combine with a new wave of AI and consumer technology that A) allowed email addresses to send messages to phones and B) allowed widespread harvesting of phone numbers from data breaches. Owl.li links are in so much spam because the new wave of spam only has Owl.li left… for now.

Where Is It?

What’s strange, though, is that Owl.li the website isn’t popping up in searches. As I mentioned previously, Owl.li redirects to Hootsuite’s Owl.ly page – the actual Owl.li, where these scammers are getting their link-shortening from, is nowhere to be found. With a little digging, a website called “scam-detector.com” has a record of owl.li’s existence, but its scrape of the page once again shows Hootsuite’s information. A tweet from Hootsuite itself mentions Owl.li and switching to the new Owl.li. Google searches yield nothing – Twitter brings droves of links from miscellaneous businesses.

Sources:

https://www.hootsuite.com/pages/owly

https://moz.com/blog/url-shortener-owl-li-indexed-in-google

https://support.rebrandly.com/hc/en-us/articles/228632488-Blacklisted-URL-Shorteners-Stop-Using-Them-in-Emails-