Security-as-a-service firm MessageLabs is warning of a huge spike in spam messages containing shortened URLs, which can potentially take users to malicious sites.

Hackers are already using shortened URLs on sites such as Twitter, where space is at a premium, but now it appears that the tactic is becoming more widespread.

Shortened URL services, such as TinyURL.com, substitute a destination URL for a shorter version, meaning that users cannot see where the link will take them. This makes it easier to trick people into visiting dangerous pages.

Researchers at MessageLabs Intelligence said that the number of spam messages containing shortened URLs jumped at the end of June from about zero to 2.2 per cent of all spam, or more than three billion messages.

The spike lasted for about three days, and at the time of writing MessageLabs had recorded another spike which it predicts could last for a similar length of time.

"There are a huge number of these services, and they don't always require a Captcha or to register an account to use," said senior MessageLabs analyst Paul Wood.

"They are driving people to spam sites at the moment. But one of the dangers is that, if it does become malicious, it will be much harder to recognise [the malicious sites] because you don't know where you're going until you get there. "

Wood advised users to click on shortened URLs only if they recognise the sender.