Welcome to my site. Please CLICK HERE to give your opinions regarding this new look of "PCTipsbyAnu". Thanks for visiting.

Wednesday, December 14, 2011

Browse » Home » , , , , , , » URL-shortening services Risks - How to avoid it?

URL-shortening services Risks - How to avoid it?

URL-shortening services, offered by TinyURL.com and Bit.ly and becomes a popular target of attacks. After reading the article you will probably not automatically click on the shortened URL!

Originally the process of shortening URLs was developed to prevent damage to the URL in the e-mail messages. The still growing popularity of instant messaging (IM) or Twitter was still increasing use URL shortening services, Twitter has a limit of 140 characters long per message and longer links can not be sent through it.

How does the URL-shortening works?

TinyURL, Bit.ly and other Web sites providing URL shortening work similarly.

All you need to do is:
  1. Go to one of these sites (eg Bit.ly)
  2. Copy the URL of the pages in the appropriate field
  3. Click on the "Shorten"
  4. This page will generate a shorten URL
  5. That's all

Possible phishing methods:

As with many other applications that are useful for normal users, on the other side attackers and spammers tend to extract of these services in their favor. URL shortening provides to attackers and spammers following abilities:
  1. Allow spammers to bypass anti-spam filters, because pages and TinyURL.com Bit.ly are automatically determined to be trusted.
  2. Avoids experienced users to recognize, whether the URL is or not suspicious.
  3. Redirect users to phishing sites to capture sensitive personal information.
  4. Redirects users to sites with malicious content (malware).

As you can see, there are many opportunities to abuse it, because the victim can not know where the given URL points.

In the picture above you can see the use of fake phishing email with a link.

How to protect? 

TinyURL preview feature

To view the original URL, which was shortened by TinyURL, just go to http://www.tinyurl.com/, there go to the "Feature Preview" and then click on "Click here to enable previews." (You need to have cookies enabled). Now when you click on any shortened URL, the browser first goes to preview the original URL.

Bit.ly preview feature

Bit.ly uses a different solution. Created an add-on for Firefox (https://addons.mozilla.org/en-US/firefox/addon/10297), which when installed, you can place your mouse over Bit.ly shortened URL and it displays opened the original URL . This add-on is still under development, so before you can install it, you need to login / register to mozilla.org.

Never open shortened URLs directly without previewing

You can leave a response, or trackback from your own site.

About 'Anu': My name is 'Anu' also Known as 'ANU 007 TIGER' .I'm administrator of 'PC Tips by Anu' blog .This blog was opened for sharing contents about hacking n cracking.


Post a Comment

Back to Top