Twitter Shortened URLs May Stem URL Shortening Scams

Symantec : 06 September, 2010 (Technical Article)

Symantec comments on the plans of Twitter on releasing its own URL shortening service

Twitter has announced it will be launching its own URL shortening service - dubbed t.co - to all users by the end of the year. Symantec, the world's leading security software company, has observed that the amount of criminal activity using shortened URLs for spam and phishing attacks has risen sharply in 2010. A 23-fold increase was observed in the use of URL shortening services in spam emails when comparing the first half of 2009 to the first half of 2010. Overall in H1 2009, 1 in 1,769.2 spam emails contained a shortened URL while in H1 2010, 1 in 76.3 spam emails contained a shortened URL. Attacks Symantec has observed so far include phishing user names and passwords for the purpose of hijacking Twitter accounts, as well as directing users to malicious websites, as illustrated in this blog on our Connect website Amanda Grady, Senior Analyst at Symantec says: 'With the announcement that Twitter will be rolling-out its own short URL service, many malicious attacks through this route will be thwarted. Through Twitter's added analysis, they will be able to check if the short URL is directing users towards a site with malware and alert them in advance. This should reduce phishing attacks on Twitter accounts and prevent criminals from directing users to infected websites. 'Despite this added service, Symantec would still recommend that social media users take precautions with the URLs they choose to open. They should only open links from people they trust and have updated security software on their PC or device. Using a browser plug-in that will check a shortened URL and shows the final destination URL before you click can be a good additional precaution.'

Read More News from Symantec

Read More News for IT Security

Read More News for Internet Security and Content Filtering