Spammers have been using the technique as part of a large malware attack. Using five different URL shortening websites, the attackers sent mangled links to users under the guise of a bank transfer service. The attackers try to get the victim to click a link to open a PDF file that ll describe why. In reality the link goes on to connect them to a site serving up drive-by exploits. In January, spammers sent fake e-mails claiming to have come from the IRS with shortened URLs.
Source: https://threatpost.com/url-shortening-services-used-large-malware-attack-070511/75396/