If social networking is something you do on a daily basis, you’ve surely run into a shortened link on Facebook or Twitter, at least a couple of times by now. Long links are inaesthetic, unwieldy and clutter your wall and news feed. They can also eat up character limits when, say, you want to post a comment in a character-limited section (e.g. a Tweet), break the flow of text, which may be really annoying for all of you keen writers out there, and break themselves when sent via certain e-mail applications.
These reasons are why most people have started using shortened versions of links to all kinds of websites, mainly legit news and video websites. And, of course, cybercriminals see a great evil-spreading potential in them. The malicious shortened links they create are simple tools that enable them to breach your internet security.
First off, how do link-shortening services work?
There’s a huge number of link-shortening services on the web, including Google’s goo.gl, Microsoft’s binged.it, Twitter’s t.co and the popular bit.ly. Say you want to include a long link, like http://www.bullguard.com/bullguard-security-center/security-articles.aspx in a character-limited section. If you want to make it shorter you can just go to bitly.com, paste the long link into the shortening section and click “Shorten”. The result? – bit.ly/w7lNLg. You can even customize it to say: bit.ly/BGSecinfo. This way it’s short and easy to remember in case you want to spread it by word-of-mouth. The shortened link automatically redirects to the original one. Pretty neat, isn’t it? The downside is, however, that you can’t see where exactly a shortened link leads, unless it’s customized. And, in this case, if you take the word of the person who posts it. Which leads us to its internet security-breaking potential.
How can cybercrooks spread their evil through shortened links?
You find an article or enticing message containing a shortened link. You click on it. Next thing you know – or don’t know! –, you’re in a crooked environment that can really challenge the internet security software on your PC – if you have one installed.
When you read an interesting article or message on social media, in an e-mail etc., that comes from a seemingly trusted source and urges you to click on a shortened link, usually you don’t think twice. That’s what cybercrooks count on when they launch their attacks on your internet security.
They either create short links with their own tools or exploit existing link shortening services to create short links directing to advertising, malware-infected or phishing websites. Their clear purpose: spam you with ads you’re not interested in, or get login credentials, credit card details, and other sensitive data from you. In short, make dirty money.
This is how they can spread their evil:
- enter malicious short links in news feeds
- post them on Facebook walls – including your wall or those of your friends
- include them in e-mails
- take advantage of popular news or videos and start spreading them accompanied by malicious links, all over the web.
The more concerning issue is that because shortened links are, in fact, “codes” of long links, basic phishing filters either stand-alone or included in traditional internet security software have trouble “reading” and blocking them.
How can you avoid such internet security threats?
Not click on a shortened link, at all? Clearly, that’s not the answer. Companies that offer link shortening services are constantly working on improving their security systems. But, the ever-more sophisticated internet security threats prove just how creative and efficient cybercrooks are in breaching the internet security of web users all over the world wide web. So what to do?
- One method to make sure a shortened link doesn’t send you to a malicious website is to search for the information it promotes using a search engine.
- Make sure the source that sends the shortened link is a trusted one. If it comes via e-mail seemingly from a friend, ask them before you click on the link. Also, if the enticing message accompanying the link promotes an incredible celebrity video or some outrageous content, it’s probably all part of an internet security scam.
- You can expand the shortened link to bring it to its original form by using a links expanding service, such as longurl.org.
- If you avidly read all the tweets of the people you’re following on Twitter, make sure you hover your cursor over shortened links. This way you can see the full address of the website you’ll be directed to once you click on it. Also, you can install a plug-in for your browser – you can find such program easily for Firefox and Google Chrome – that allows you to expand shortened links on any website.
- Make sure your internet security software is up-to-date and includes an effective phishing tool. BullGuard’s internet security suite comes with an Antiphishing feature that offers in-depth protection for all browsers.
- Install complete internet security software on your computer that offers proactive protection against all types of malware. BullGuard Internet Security 12 comes with a dual antivirus engine that spots and removes even as yet unknown malware, thanks to its combined detection methods: Signature-based and Behavioural-based Technologies.