14. February 2017 14:26
URL shortening is quite a common trend over the internet. These URLs are helpful while sharing lengthy and complex links through instant messaging, emails or on websites that have a strict character limit, such as Twitter. When the user clicks on the shortened link, he is automatically redirected to the original URL. There are a number of URL shortening services available on the internet, some of the popular ones being bit.ly, goog.gl and tinyurl.com.
What exactly is URL shortening?
The concept behind URL shortening is simple. When you enter a long URL, it is encrypted by the use of an algorithm in order to produces another link with lesser number of characters. The shortened URL address is then mapped to the original link so that the user lands on the web page that he intended to visit.
Security risks associated with shortened URLs
- Link Manipulation: The first and foremost security risk is that a shortened URL hides the destination link. It means that there is no way to identify the landing page to which you will be redirected upon clicking the link. This is the reason why shortened URLs are used in various phishing scams. Hackers send these URLs embedded in emails or IMs so that the victim is not able to verify their authenticity.
- Ineffective Spam Filters: As the original URL is not visible, the spam filters cannot identify the potential threat and do not blacklist the email. The safe browsing features in popular web browsers warns the users if they are about to visit a phishing website. However, in case of shortened URLs, as the landing web page is not known, no warning is issued and the user is directed to the potentially spam website.
Tips to stay safe while using shortened URLs
- Many URL shortening services allow the users to check where a shortened URL will be redirected before they actually click on the link.
- Shortened URLs that take the users to a log in or sign up page should never be trusted. Instead, you should access all your online accounts by manually typing in the website’s address. Also, verify that the URL begins with ‘https’ instead of ‘http’.
We, at Centex Technologies, offer effective IT security solutions to business firms in Dallas, TX. For more details, feel free to call us at (972) 375 – 9654.