URL Shortening Includes Security Risks

The options for creating a short URL from a much longer one is quickly changing with both Google and Facebook getting into the link shortening business. We all agree that a shortened URL is easier to send via e-mail, and they are almost a requirement for Twitter’s 140-character limitation. What you need to understand first is that they also introduce security risks.

There are two main problems with link shortening services.

  1.  They make it easier for attackers to distribute spam and phishing attacks because the actual destination URL is not displayed until you click on the link.
  2. Because link shortening is frequently used with social networking services like Facebook and Twitter, there is an inherent trust that the link will be legitimate.

Normally a user can review a link to make a decision if they want to go to the target URL, however the TinyURL alias tells you nothing about the destination and could lead you to a malicious Web site. Attackers can also circumvent many security controls by using URL shortening services. The URL shortening domains are usually trusted by default by firewalls, corporate web filters, and spam blocking utilities which makes it even more difficult to identify and block links that lead to malicious destinations.

While URL shortening is a useful and convenient service that is here to stay, you need to make sure you exercise some common sense and cautious skepticism to avoid being exploited.

You can read more here.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s