Could URL-shortening Websites Be Used By Scammers?
I, and quite a few of the folk I correspond with, have been using what looks on the surface to be a great new feature of the Internet: Services that turn an unwieldy link into a short one. Enter the link you want to send someone into their website and it will create a unique URL, usually no more than a few characters long. Great for some of those really long links that are longer than one line. Already there are more than a dozen of these services in existence, and they’re all free.
The problem: You have no way of knowing what the original link was without going to that webpage. That’s because the new shorter URL contains only the name of the service and then some letters, as in http://snipurl.com/3hun or http://lin.kz/?qdapy. Nothing in there to identify what the link actually takes you to, short of actually going there.
Now most times these services are used by friends, sending one link to another (I find they’re particularly useful in sending stuff to folk who might be intimidated or baffled by long links). And therein lies the problem. If ordinary users get used to receiving emails using links via these services, what is going to stop them from clicking on these links in a phishing email, or some other sort of scam? Indeed, the growing popularity of these services is going to make them attractive to such scammers: The more we use them, the more we will unthinkingly click on them, the more they will attract the scammers’ attention.
As far as I know there’s no layer of security involved in these services to stop scammers from using them. They require no registration (and this could be falsified anyway) and there’s no checking of links to see whether those links contain malicious code, fraudulent intent or illegal content (folk aren’t going to use them if they think their link is going to be vetted), so I don’t see any easy way for the services to avoid their abuse.
As far as I know this hasn’t happened yet. But I’m sure it will. Are these services going to fade away once this starts to happen? Are users going to rebel at ‘hidden’ URLs, after being battered by the increasingly sophisticated methods of disguise used by phishers?
- Click to share on Twitter (Opens in new window)
- Click to share on Facebook (Opens in new window)
- Click to share on Google+ (Opens in new window)
- Click to share on Pocket (Opens in new window)
- Click to share on Pinterest (Opens in new window)
- Click to share on Telegram (Opens in new window)
- Click to share on Tumblr (Opens in new window)
- Click to share on Reddit (Opens in new window)
- Click to print (Opens in new window)
- Click to email this to a friend (Opens in new window)
- Click to share on WhatsApp (Opens in new window)
- Share on Skype (Opens in new window)