URL Shorteners: The Vehicle Of Malicious Links
Phishers are in a huge advantage these days with the growth of social media platforms such as Facebook, Twitter, Instagram, and even Youtube. People can and continue to navigate away from those social media sites using shortened links, which is very convenient for everyone to use. This is especially through with microblogging site Twitter, as it literally limits every post to just 280 characters. URL shorteners make Twitter a better platform in expressing an opinion, by linking to an external site. However, the most common trouble with the use of shortened URLs is the risk of reaching a phishing site instead of the original site. A phishing site is a website suspected of being a fraud, in actuality, it is designed to lure genuine users to log in to them using the original website’s login credentials.
One example is fictitious billing sites that often appear when users click on a URL linked to a supposed vendor. It is one of the malicious and sneaky fraudulent act of claiming money owed by the user, but in actuality the payment goes to unknown 3rd parties instead. Fictitious claims often use abbreviated URLs, in order to hide themselves from suspicion.
Many fictitious billing sites will not incur damage to anyone if they are left alone, but if a user enters personal information without noticing the imaginary billing site, there is money to lose for the user and money to ‘earn’ for the scammers. If a user registers his personal information such as an address or e-mail address without noticing the fictitious billing site, indirect or direct damage will occur at the expense of the user.
What can be done in order not to fall for fictitious and scam websites operated using URL shorteners?
With URL shorteners the security strength is lowered, and it is dangerous, especially for users that tend to click links without understanding the risks of possibly the destination website is safe or not. Especially when you tweet on Twitter, URLs included in tweets will be automatically converted to short URL even if it is a direct message. It seems that it is better not to include such a purpose URL in Twitter interaction.
Julia Sowells946 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.