Short URL Scams – Avoid the Traps, Report the Spammers

Lengthy URLs are hard to share with others, difficult (if not impossible) to remember, are more likely to break in emails, and can simply be too long to fit into short messaging sites like Twitter – which limits posts to 140 characters. To solve all these issues, several great free programs are available to shorten URL’s.

But hidden within this ease and usefulness is a layer of abstraction that criminals exploit. Worse, McAfee labs expect this type of exploit to significantly increase this year.

Social media sites such as Twitter and Facebook have created the movement toward an “instant” form of communication, a shift that will completely alter the threat landscape in 2011. Of the social media sites that will be most riddled with cybercriminal activity, McAfee Labs expects those with URL-shortening services will be at the forefront.

The use of abbreviated URLs on sites like Twitter makes it easy for cybercriminals to mask and direct users to malicious websites. With more than 3,000 shortened URLs per minute being generated, McAfee Labs expects to see a growing number used for spam, scamming and other malicious purposes.

Internet tools that are helpful for good users can be even handier for crooks. Spammers, scammers, ID thieves, etc. use URL shortening tools in hopes of increasing your likelihood of landing on their malicious sites.

For example, if you received an email, or saw a posting saying “hey, check out these cool cartoons” and saw the URL you were directed to click on was http://let-me-give-you-a-nasty-virus, you wouldn’t click on it. However, if the URL was shortened to look like http://bit.ly.12xtdf, you might not take the same care – even though it takes you to the exact same malicious site.

To reap the benefits of shortened URL’s without falling victim to criminals, stick to the advice that you only click on links from trusted sources, or on trusted sites – or find the site yourself. The trick is how to find out what site is hidden behind that shortened URL begin testing it for safety….

Below are the instructions for creating a shortened URL, AND for discovering the safety of a shortened URL:

Creating a shortened URL:

  1. Begin by selecting a URL shortening service like TinyURL, Doiop, MemURL.com, ReadthisURL, dwarfURL.com, or bit.ly
  2. Enter the full length URL into the specified field
  3. Create a short name (optional in some, not available in other products)
  4. Then, press the button to generate the new, shorter version

My personal favorite URL shortener is TinyURL.com because it offers two great features. (Note: my views are my own, I do not accept remuneration to promote any service) The first great feature is the ability to customize your shortened URL, which is a whole lot more intelligible than the automatically generated random number and letter sequences the service creates on its own.

The second great feature is their preview option. Though it adds 8 additional characters, using the preview feature allows recipients to see the original URL of the site they will be taken to if they proceed. See the example here:

Discovering the safety of a Shortened URL:

If the shortened URL was created using TinyURL, and the creator used the preview feature, click on the preview link. It will take you to a landing page that shows the full URL address (see image). You can compare this to the original URL in the previous image and see they are a match.

To discover where other shortened links are going to take you requires using an “UNshortening tool”, several of which are also free.

If you frequently consider clicking on shortened links, installing a free tool like UnShortenEmAll, TinyURL Decoder Expand url shortening service urls make a lot of sense, these will either automatically display the URLs in their original form, or show you the real URL if you hover over them. All of these require that you download a Greasemonkey plugin to your Firefox browser to run, but they’re easy to install and use.

If you only occasionally consider clicking on shortened links, the website Unshorten.com may be just right for you. To use it, simply enter in the shortened URL, and it will return the real location as shown in the image below:

Keep in mind that simply discovering the full URL, does not mean the site is legitimate – it just means you’re ready to use standard methods for determining the safety of a site

Steer don’t be pulled. Once you have found the proper URL, use a search engine – combined with a malware filter like McAfee’s Site Advisor (it’s free) to be sure the site is legitimate before clicking the link.

In the example above, you see that full URL behind the link blogof.francescomugnai.com. To check the safety of this website, I copied and pasted this text into the SEARCH box (not address field) of your search engine and looked to see two things. 1) The site exists, and 2) the site has been tested by McAfee Site Advisor’s malware filters and found to be safe (the little green check mark next to each result is how McAfee’s tool shows the safety or risk level of tested sites.)

Keep your computer protected at all times using anti-virus, anti-spam, and anti-phishing tools and follow these simple safety steps when navigating to websites to have a safer, more enjoyable online experience.

Linda

Advertisements

Comments are closed.

%d bloggers like this: