Science and Tech

The danger that hides behind the shortened ‘url’

The danger that hides behind the shortened 'url'

July 2 (Portaltic/EP) –

The ‘url’ are the addresses on the web that take us to the specific resources that we want to open, such as a page or an image, but they are also the channel used by cybercriminals to try to defraud victims, especially when their destination is opaque , as is the case with shortened urls.

One of the usual tips to check if a link can be fraudulent consists in checking how is the ‘url’ written, especially when they try to impersonate an address of a well-known company. Comparing one and the other is an important step to avoid falling into what is surely a scam aimed at stealing access credentials to an account or money.

It happens, however, that this check is not possible in the case of shortened ‘url’s. These present fewer charactersand precisely for this reason they are more suitable for sharing a link on social networks, where brevity prevails.

To shorten the ‘url’ there are services such as those offered by bitly, Ow.ly, Buffer or TinyURL, which modify the original and long ‘url’ in a shortened version, but directing it to the same destination. Sometimes these shortenings can even be customized, which makes it more aesthetically attractive but also more practical.

But that they are more aesthetic also means that they are less informativeas pointed out from the Internet Security Office (OR IF). This is because hide the destination web pagewhich has led cybercriminals to focus on this method of sharing links and tricking users.


Specifically, from OSI they warn that this malicious practice can be used to download malwarefor launch a ‘phishing’ attack -impersonating a trusted source to steal credentials- or redirect to ‘spam’ pageswith fraudulent advertisements that can end up stealing money from victims.

While not all shortened urls are dangerous, it is worth getting some extra help to figure out what lies behind a character reduction in the link. OSI notes that you can use the Unshorten.link extension for Chrome (or Link Unshorten for Firefox) to find out the original address.

Online security services such as VirusTotal and URLVoid have free url analyzers, which also offer additional information on the landing page.

Source link