When URL shorteners first made their appearance a decade ago, the idea behind them was to make sharing website links easier, especially as some URLs, otherwise known as Web addresses, were more than 100 characters long.
TinyURL, the first well-known URL shortening service, launched in January 2002, and the large majority of its links were shared via personal emails.
Nearly 10 years later, shortened URLs are used regularly in social networking, most notably in Twitter due to its 140-character limit.
However, shortened URLs create a major security risk. They don't allow users to confirm that a link is what it claims to be before they click on it, allowing criminals to lure in victims blind.
(If you don't know how to confirm a web link's legitimacy, run the cursor arrow over the live link and see if the information that shows up, either as a pop-up or in the lower left of the screen, matches the link information displayed. If they don't match, the link is taking you to a fake site, likely infected.)
The problem with shortened URLs is that not only is the link in the document scrambled, but so is the verification method. It is impossible to tell where the link is taking you until you click on it.
Because of this lack of verification, cybercriminals are taking advantage of shortened URLs to spread malware. Adding to the problem is the heightened trust factor of social media.
According to Perimeter E-Security of Milford, Conn., users are 10 times more likely to click on a link in social media than they would elsewhere, because the links come from friends, family members or other trusted sources. That's a cybercriminal's dream come true.
Luckily, there are ways to double-check that shortened URL to make sure it is taking you to a safe site. One way is to use verification sites such as AVG's Linkscanner ( http://www.linkscanner.avg.com/ ), a free utility that can detect poisoned pages behind shortened URLs. There are also websites that allow you to cut and paste the link into a search box, which will expand the link to its original version.
Advanced browser features or tool bars that warn users about phishing and other illegitimate sites are still a decent choice for end users, although they are far from perfect, said Avivah Litan, Gartner analyst.
And of course, make sure your anti-virus software is up-to-date, just in case you click on that link without double-checking.
- Some Tweets with 'Goo.gl' Link Are Out to Scam You
- 5 Cyberthreats to Watch For in 2011
- 'Evil URL Shortener' Shows Danger of Shortened Links