![]() ![]() You copy or type in the shortened URL and it tells you what the longer URL substitution is. There are almost as many “expander” websites that will expand shortened URLs for you as there are shortening services. The good thing about shortened URLs that they can be “expanded” without having to actually click on them. URL shortening is so common and useful that malware developers often develop their own shortening services so they can generate shortened URLs that look legitimate (ex: ). It is the rare smishing message that does not use a shortened URL. ![]() Today, there are dozens of URL shortening services. Any included URL could easily take up all 140 characters or at least enough of them that typing in a useful message became difficult. These services became vogue back when Twitter only allowed 140-character messages. Most SMS links are created with “shortening services”, which take you to a longer eventual destination link (ex: ) and substitute it with something shorter (ex: ). Here are some of the issues and how to mitigate them. There are a variety of tricks used by SMS phishers that make smishing harder to review. They do not always succeed, but at least you have a defense-in-depth chance. In the regular computer world, usually your Internet browser or email program has content inspection built-in, you probably have an antivirus program that inspects all downloaded content, and you or your organization may have additional layers of inspection, all of which help to detect and block malicious content. In the non-SMS-message world, you cannot only hover over the link, but there is likely to be multiple content-inspecting tools which will try to determine if the involved link is malicious or not. Unfortunately, there are far less methods and tools to examine the links you can see in an SMS message to determine if they are going to take you to a legitimate or malicious site. The bad news is that most of the links shown in SMS are “shortened” links that lead to other links which may lead to other links with no good way to inspect or filter them before you and your phone arrive at the final destination. There is no secondary link “under-the-covers” that is the real link, like you get with non-SMS messages. What you can see is the real link…at least the initial link that is being displayed. The good news is that what you see is what you get. Unlike Internet browsers and email programs that display URL links, you cannot “hover” over a link to see what it really is or where it will take you. We have been warning about SMS scams for years as well, including here: government has been warning about them for years, including here. ![]() There is probably not a person on Earth who does not get at least one smishing email a month. Phishing via Short Message Service (SMS) texts, what is known as smishing, is becoming increasingly common (some examples are shown below). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |