Apply

Security Advisory

URL Shortening Services

Threat Level: Low
Threat Type: Malware, Phishing
Advisory Date: 07/13/2023

Description

URL Shortening Services can be used as a method of making long and cumbersome urls easier for users to digest.

They are also often used by malicious actors in attacks such as phishing emails to make users more likely to click on links.

Examples of some URL shortening services are:
bit.ly, tinyurl.com, ow.ly, t.co, goo.gl, amzn.to, youtu.be

A URL shortening service can make a URL like the following:
http://165.124.215.113:5050/extremely/long/URL/?_encoding=UTF8&node=6169741011&fbn=6205177010&ref_=Oct_f_odnav_d_6205177011_4&ph_rd_w=Zop1O&pf_rd_p=cc78c76-75ae-47b4-87de-7865ecbacb24&pf_rd_r=6Y7HCJHGQMGZ9K48032V&pd_rd_r=87558a48-5a80-42b8-9118-f8a1d97c5865&pd_rd_wg=PFX0k

Look look a lot nicer:
https://bit.ly/55tTSX1m

A URL shortening service can also make a malicous website:
www.badguy.com/hackyou

Look a little less frightening:
https://tinyurl.com/goodguy

Phishing Email Example:


Dr. Smith has shared a file with you

lick the link to view the file:
https://bit.ly/8tHRT7a


Impact

URL shorteners pose a risk to the University by increasing the likelyhood of users accessing malicious links.

It's important that users are aware of what URL shortening is and how to identify the true destination of a link from an untrusted source.

Resolution

To find the true destination of a link, you may use any of the services below.  They are free to use and will take any link and show it's true destination.
https://wheregoes.com/
http://checkshorturl.com/
https://unshorten.it/

Resources

Please contact the IS Service Desk if you have any questions or require assistance:
Email Service.Desk@uregina.ca
Phone 306-585-4685
Webform https://www.uregina.ca/is/forms/ticket.html
In Person at ED 137 or Archer Library Commons