Twitter users at risk from shortened URLs
Cyber criminals posting links to malicious websites hidden in shortened URLs, warns Symantec
Symantec is warning that scammers are using Twitter to direct users to malicious websites.
The security company is highlighting a new tactic in which attackers take a tweet on a popular subject that contains a shortened URL and change the URL so that it points to the attack site. The attackers then re-tweet the post, and because the real destination of a shortened URL is difficult to spot, users click through to the malicious website.
According to Symantec Hosted Services research, spam containing shortened URLs hit a one-day peak of 18% (or 23.4 billion) of all spam emails in 2010, a significant increase from 9% the year before.
Twitter has already taken some steps to try to mitigate the risks, including the ability to expand a shortened link to see the actual URL it links to without having to click on it, although this is not yet possible for all shortened URLs. In the meantime, Symantec is advising users to keep software patched and to use security software to help lessen security exposure.