TinyURL Phishing Increases in Popularity

TinyURL is a popular URL shortening service which is frequently used to reduce the length of a URL to something more manageable. Security firm Trend Micro has warned that TinyURL phishing, first reported in February, is becoming more popular and spreading across different languages.

An example of tinyURL use would be perhaps a Mapquest link to the San Francisco Botanical Garden in Golden Gate Park, which can be shortened to http://tinyurl.com/aaqgln instead of http://www.mapquest.com/maps?address=1199+9th+Avenue+San+Francisco%2C+Ca+94122.

In a phishing scenario, this makes it difficult to mouse over a link to see exactly where it's going. It's also being used in instant messages from your "friends" as well as email.

We've discussed how to avoid phishing schemes before, and much of avoidance relies on recognizing the domain name in the URL as being invalid. Of course, I doubt you would go to E-Trade's site through a TinyURL, but perhaps not.

Naturally, Trend Micro's products purportedly protect against much of this (probably by scanning the TinyURL and expanding it. But if you use something else for security, you can also try the following:
  • URL lengthening tools such as this Firefox extension. Once again, Chrome is super-fast, but unless I can get all the Firefox extensions I love on Chrome, I'm staying put.
  • Finally, you can turn TinyURL preview on permanently in your browser. Go to http://tinyurl.com/preview.php, and click on the link that says "Click here to enable previews." You can similarly disable it later by going to the same page. You will have to do this for each browser you use if you use multiple browsers.


Good luck.

Via:  TrendLabs
blog comments powered by Disqus