URL shortening services like TinyUrl have been around for a while now but with the advent of social networking services like Twitter which only allow messages of 140 words or less, their popularity has skyrocketed. This past week researchers have discovered that spammers are also taking advantage of the services, using them to mask their spam domains and get their messages past filters. Redirect services are also popular but URL shortening is more attractive because it requires no registration and no CAPTCHA to solve.
While the fake URLS used by phishers can be easily discovered simply by hovering your mouse pointer over them, the same is not true of URL shortening services and is one of their biggest shortcomings. The use of shortened URLs in spam messages has risen from 0 to 2% this week. The DonBot botnet is largely responsible, sending over 5 billion spam messages a day. Much of the spam using shortened URLs advertises weight loss pills and male enhancement products.
While there are new services cropping up that will lengthen shortened URLS without having to click on them, it is still a good idea to avoid clicking on shortened URLs sent to you by anyone you don’t know. Advise your employees to avoid using such services as well. Companies that use URL shortening services make customers and potential customers wonder what they’re hiding!