The Dangers Lurking Behind Short URLs

Posted by: Rod Kurtz on October 29, 2009

More and more businesses are leveraging the power of social networking sites, blogs, Twitter, and other Web 2.0 technologies to connect with their customers and partners. However, if left unprotected, they could be susceptible to a mounting tide of Web-based threats.

Take Twitter, for instance. Users "follow" their friends, business associates, customers, their favorite news outlets, and others. Because Twitter limits tweets to just 140 characters, many people use a URL shortening service such as bit.ly or TinyURL when they want to share a link with others. The shortened versions mask the destination of the original URL, and cyber criminals have begun relying on shortened URLs as a way to trick unsuspecting users into clicking on malicious links.

So, who can you trust: Your friends? Your favorite news source? Sadly, you can’t trust your online network of friends and followers. Recently, hackers exploited flaws in Cligs’ URL editing software, allowing them to hijack 2.2 million Cligs links. Users are accustomed to trusting links that they receive from their online network of friends and often click on those links without hesitation. Spammers, phishers, and other cyber criminals exploit that trust to spread links to Web sites with malicious code or data-stealing spyware, or to trick users into downloading Trojan horses.

What can you do? If you’re using the social Web, here are three important tips to help you prevent security threats spread by masked URLs:

1. If you are using a browser with plugins, download a link previewer. A link previewer will let you either see the true target of a link or will show you a floating preview of the Web page.

2. If you are a blogger and don’t want your readers to be in danger, download software that blocks comment spam so that your readers won’t accidentally click on malicious links posted on your comment board. One example of free software that does this is Defensio.

3. Always protect your Internet access with a Web security solution that prevents Web 2.0 threats by scanning Web content in real time and blocking access to the portion of a Web page or Web site that contains a harmful link.

David Meizlik
Director, Web and Data Security
Websense
San Diego

Reader Comments

Sheryl Schuff, CPA

October 29, 2009 7:16 PM

Thanks for the advice.

I've been using Akismet to protect my WordPress blog from spam and I have the AVG active surf shield and AVG search shield installed on my computer to protect me while I'm on-line.

But I didn't have a link previewer until a few minutes ago (after I read your article). I spend a lot of time on Twitter and with all the recent hacking that's been going on there, it seemed like the perfect time to take precautions.

I chose the free Cool Previews addon for Firefox.
