Prank URL Shortening Service is Good Security Basics Reminder

Wednesday, June 18, 2014

Malwarebytes


By: Christopher Boyd

Many of us use URL shortening services on a daily basis, especially when dealing with short form communication tools such as Twitter.

Of course, it pays to be vigilant when presented with a shortening service link. While it’s a useful tool to have, there have always been issues with regard to your possible final destination.

If you trust the person sending you the link but that individual was compromised, you may well find yourself on the wrong end of a malware attack or phishing link.

Over the last few days, a new URL shortening service called Shrturl has gone live which allows users to create an imitation of a real site, make some changes and save it under a Shrturl address for up to 48 hours before it self-deletes.

From there, the general idea is to troll and prank friends and enemies alike.

While there doesn’t seem to be a way to edit URLs on the spoofed pages as per Lifehacker (which would be a great way to send victims to phishing sites), it is a good reminder to check and check again when landing on critical websites you use on a daily basis via shortened links.

What can you do?

There are a few ways to find out where a link leads to if you’re not entirely sure clicking is the right thing to do.

For example, with a Bit.ly URL you simply place a “+” on the end and you’ll see some basic statistics and the final destination URL.

From there you can do some Googling and see if it pops up on a blacklist or security site. Where Goo.gl URLs are concerned, you place a “.info” at the end of the address to see the stats (and, again, the final destination).

It’s worth noting that not every shortening service provides the ability to see stats and / or links, so in those cases you can use something like Long URL which will expand the shortened links and give you the information you need to make an informed decision.

For now, the Shrturl service appears to be doing the “flagged / not flagged” dance via various browser blocks related to phishing [1, 2, 3].

At time of writing, no browser appears to be blocking it for me so it’ll be interesting to see what the various browsers out there settle on.

It’s up to us to make sure we know exactly what we’re getting into when clicking a link, and using some of the stat tools and URL expanders is a good place to start.

This was cross-posted from the Malwarebytes blog.
