Science and Tech

Cybercriminals use shortened URLs to disguise ‘malware’ and execute social engineering attacks

Cybercriminals use shortened URLs to disguise 'malware' and execute social engineering attacks

May 27. (Portaltic/EP) –

Cybercriminals take advantage of the minimal information offered by condensed URLs to disguise files containing ‘malware’ and malicious programs and execute social engineering attacks, which can result in techniques such as ‘phishing’ and ‘smishing’.

A shortened url is a web address that displays fewer characters than the original address, but takes the user to the same page. It is usually displayed as a combination of numbers and letters, which prevents users from knowing for sure what content they are about to access.

This, along with its easy creation using tools such as Ow.ly, Buffer or TinyURL, makes the task easier for cybercriminals, who disguise ‘malware’ with this type of links and distribute it through social networks and other platforms.

In this way, malicious agents can make presumably legitimate websites available to users that can direct them to websites for downloading infected files or programs without their consent.

This has been indicated by the CEO of S2 Grupo, José Rosell, who has warned that although “you don’t have to be afraid of technology”, you should know where a cyber danger can occur in order to act. “responsibly and safely.”

The misuse of shortened urls is not exclusive to cyberattackers, since there are companies that can use them to create user profiles and use ‘fingerprinting’ techniques or fingerprint. In this way, they can track the location of users through the IP address and thus be able to offer personalized ads.

Lastly, the cybersecurity firm has commented that these links can also direct users to fraudulent websites, which impersonate others, so users who fall into the trap can be victims of ‘phishing’ and ‘smishing’.

HOW TO PROTECT YOURSELF FROM THESE URLS

To use these links safely, it is advisable not to provide any private information, password or access data to any website accessed from a shortened link. The ideal in this case is to enter the original website and start operate from scratch, without following the potentially fraudulent url.

From S2 Grupo they also advise verifying that the website accessed is secure and has the HTTPS protocol at its beginning. Likewise, it is important that a security lock appears next to this nomenclature.

If you have accessed the website, it is advisable to perform an analysis with the antivirus that is installed on the device and, if passwords have been provided, these must be changed to others.

Finally, S2 Grupo has commented that using Internet tools, such as Securi or CheckShortURL, allow these hyperlinks to be analyzed and preview the web pages that are going to be accessed, in order to show if there is any type of malicious ‘software’ in the link.

Source link

About the author

Redaction TLN

Add Comment

Click here to post a comment