Survey of Shortened URL Security Performed

I read an article on Zscaler Research about an analysis of more than a million URLs that had been shrunk with TinyURL, Bit.Ly and other URL compression services, to see how many led to malicious sites. The test showed that only 0.06% of the shrunk URLs actually led to malicious content, which seems to downplay the risk: it suggests that URL compression services are secure and that the risk is low.

Twitter and the URL shrinking services themselves do scan links to see whether they lead to malicious content, but clever designers can write code that sends valid content to a scanner and different content to someone actually arriving with Twitter as the referrer. Still, according to the research, you are far more likely to end up on a malicious website from a Google search than by following a compressed link sent to you over Twitter.

It is still a good idea to go to the TinyURL or Bit.Ly site and expand the URL you are about to click to see where you would end up. Many Twitter clients have this functionality built in; in Tweetdeck, for example, you can click on a Bit.Ly URL and it will open a window showing where the link leads before it actually opens the site. This is a good feature to use just to be sure, and the best rule of thumb is: don’t click on links from people you don’t know or trust, as they are far more likely to be spam. (You can gauge a link by its sender: be wary if it comes from a Twitter user that has few or no followers and either follows few or no people, or follows massive numbers of people with a very low follow-back rate.)
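The expansion step described above can also be done without opening the page at all. The sketch below is an added example, not code from the original post or from Zscaler: it follows a short link hop by hop with HEAD requests, then repeats the walk with a Twitter referrer to flag the scanner-versus-visitor mismatch mentioned earlier. All hostnames and the `fake_fetch` helper are constructed for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 10                              # assumed cap on redirect chain length
REDIRECTS = (301, 302, 303, 307, 308)
# Constructed sample data (not real links): URL -> (status, Location header)
SAMPLE = {
    "https://short.example/abc": (301, "https://news.example/story"),
    "https://short.example/rel": (302, "/hop2"),
    "https://short.example/loop": (302, "https://short.example/loop"),
    "https://short.example/cloak": (302, "https://news.example/story"),
}

def head_location(url, referer=None):
    """Live fetcher: one HEAD request, returns (status, Location); no body is read."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=10)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", path, headers={"Referer": referer} if referer else {})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def fake_fetch(url, referer=None):
    """Offline stand-in for head_location; one link answers differently by referrer."""
    if url == "https://short.example/cloak" and referer:
        return 302, "https://other.example/landing"
    return SAMPLE.get(url, (200, None))

def expand(url, fetch=head_location, referer=None):
    """Return every URL in the redirect chain, starting with the short link."""
    chain = [url]
    while len(chain) <= MAX_HOPS:
        status, location = fetch(chain[-1], referer)
        if status not in REDIRECTS or not location:
            return chain                   # final destination reached
        nxt = urljoin(chain[-1], location) # Location may be relative
        if nxt in chain:
            raise ValueError("redirect loop at " + nxt)
        chain.append(nxt)
    raise ValueError("gave up after %d redirects" % MAX_HOPS)

def differs_by_referer(url, referer, fetch=head_location):
    """True when the final destination changes once a Referer header is sent."""
    return expand(url, fetch)[-1] != expand(url, fetch, referer)[-1]
```

Calling `expand(link)` with the default fetcher performs the live lookup; a site that only redirects on GET, or keys on something other than the referrer, will not be caught by this check.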

Seems a little obvious, doesn’t it: don’t click links from people you don’t know or trust. But if you do, know that there is a 0.06% chance it will lead to something malicious if it was a link on Twitter.

-Dragon Blogger
