Many actors attempting to phish a user will tend to use a bit.ly link to hide the original URL from the end user.

Example: http://bit.ly/2CJ4oib ===> https://area1337.com

This link redirects to the front page of area1337.com, but we can't tell that unless we visit the bit.ly link. Bit.ly has an option that lets you see the link behind the URL by adding a plus sign to the end of the link.

Example: https://bitly.com/2CJ4oib+

Above is a screenshot of what it looks like after adding the plus sign at the end.
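The plus-sign trick can be applied in bulk when triaging a reported message. The following is an added example, not part of the original post: it pulls bit.ly links out of a message body and rewrites each one to its preview URL without visiting anything. The function names and the sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts taken from the two example links on this page.
BITLY_HOSTS = {"bit.ly", "bitly.com"}
# Candidate URLs in free text; trailing punctuation is trimmed afterwards.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def preview_url(link):
    """Return the Bitly preview ("+") URL for a short link, or None."""
    try:
        parts = urlsplit(link)
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed URL such as an unclosed "[" in the host
        return None
    if host not in BITLY_HOSTS:
        return None
    # The short code is the first path segment; drop any existing "+".
    code = parts.path.strip("/").split("/")[0].rstrip("+")
    # Assumption: short codes use only letters, digits, "-" and "_".
    if not re.fullmatch(r"[A-Za-z0-9_-]+", code):
        return None
    return f"https://bitly.com/{code}+"


def preview_links_in(text):
    """Map each Bitly short link found in text to its preview URL."""
    found = {}
    for match in URL_RE.finditer(text):
        raw = match.group(0).rstrip(".,;:!?)]}")
        preview = preview_url(raw)
        if preview:
            found[raw] = preview
    return found


# Constructed sample message, not from a real campaign.
SAMPLE = (
    "Your mailbox is full. Verify here: http://bit.ly/2CJ4oib.\n"
    "Help centre: https://example.com/help (not a short link)\n"
    "Mirror: HTTPS://BIT.LY/2CJ4oib+\n"
)

if __name__ == "__main__":
    for short, preview in preview_links_in(SAMPLE).items():
        print(f"{short} -> {preview}")
```

The script only builds the preview URLs; the analyst still opens them in a browser to read the destination, as in the screenshot described above.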