Security Advisory
URL Shortening Services
Description
URL Shortening Services can be used as a method of making long and cumbersome urls easier for users to digest.
They are also often used by malicious actors in attacks such as phishing emails to make users more likely to click on links.
Examples of some URL shortening services are:
bit.ly, tinyurl.com, ow.ly, t.co, goo.gl, amzn.to, youtu.be
A URL shortening service can make a URL like the following:
http://165.124.215.113:5050/extremely/long/URL/?_encoding=UTF8&node=6169741011&fbn=6205177010&ref_=Oct_f_odnav_d_6205177011_4&ph_rd_w=Zop1O&pf_rd_p=cc78c76-75ae-47b4-87de-7865ecbacb24&pf_rd_r=6Y7HCJHGQMGZ9K48032V&pd_rd_r=87558a48-5a80-42b8-9118-f8a1d97c5865&pd_rd_wg=PFX0k
Look look a lot nicer:
https://bit.ly/55tTSX1m
A URL shortening service can also make a malicous website:
www.badguy.com/hackyou
Look a little less frightening:
https://tinyurl.com/goodguy
Phishing Email Example:
Dr. Smith has shared a file with you
lick the link to view the file:
https://bit.ly/8tHRT7a
Impact
URL shorteners pose a risk to the University by increasing the likelyhood of users accessing malicious links.
It's important that users are aware of what URL shortening is and how to identify the true destination of a link from an untrusted source.
Resolution
https://wheregoes.com/
http://checkshorturl.com/
https://unshorten.it/
Resources
Please contact the IS Service Desk if you have any questions or require assistance:
Email Service.Desk@uregina.ca
Phone 306-585-4685
Webform https://www.uregina.ca/is/forms/ticket.html
In Person at ED 137 or Archer Library Commons