Tag Archives: Phishing

Shortcut Express to Infected & Phishing Websites

URL shorteners are a relatively new Internet service. As many social services on the Internet impose character limitations (Twitter is a prime example), these URL are very practical…

For example, you’d spend 64 characters to point to Wiki’s article about URL shorteners: http://en.wikipedia.org/wiki/URL_shortening. With an URL shortener, you can cut that down to 16 characters: http://bit.ly/c1htE.

URL shorteners, however, can be used to hide the real target of a link. Cyber criminals appreciate this “feature” – and use it to hide links to phishing or infected websites. These services usually have terms and conditions comparable to TinyURL:

“TinyURL was created as a free service to make posting long URLs easier, and may only be used for actual URLs. Using it for spamming or illegal purposes is forbidden and any such use will result in the TinyURL being disabled and you may be reported to all ISPs involved and to the proper governmental agencies. This service is provided without warranty of any kind.”

Few seem to care about these terms, which are regularly flaunted in the pursuit of profit. Happily, however, certain services have started to filter shortened links through special services, even if this has so far failed to stem the flow of shortened SPAM URLs.

Below are statistics with the percentage of malicious links identified on 22 popular URL shortener services:

Phishing

Malware

# Shortener % Shortener %
1 tinyurl.com 41.30 k.im 27.87
2 bit.ly 15.29 notlong.com 27.05
3 r2me.com 12.04 tinyurl.com 18.85
4 snipurl.com 7.16 cli.gs 7.38
5 lu.mu 6.50 bit.ly 7.38
6 doiop.com 4.52 doiop.com 4.10
7 notlong.com 3.55 ad.ag 2.46
8 is.gd 1.93 is.gd 1.64
9 tiny.cc 1.81 tr.im 0.82
10 sn.im 1.69 snipurl.com 0.82
11 k.im 0.96 ow.ly 0.82
12 shorl.com 0.66 dwarfURL.com 0.82
13 tr.im 0.60 zi.ma 0.00
14 goo.gl 0.54 u.nu 0.00
15 ow.ly 0.48 tiny.cc 0.00
16 cli.gs 0.30 sn.im 0.00
17 u.nu 0.18 shorl.com 0.00
18 moourl.com 0.18 r2me.com 0.00
19 idek.net 0.12 moourl.com 0.00
20 dwarfURL.com 0.12 lu.mu 0.00
21 zi.ma 0.06 idek.net 0.00
22 ad.ag 0.00 goo.gl 0.00

Source: Avira Virus Lab, taken from the month of July, 2010.

Shortened Links Can Mask A Threat

To give you an example, would you click on the following link?

www.ssl-albion-netbank.com/143.027.902

Probably not… The bank’s made-up name and use of random numbers would rightly give you misgivings. However, under a shortened guise – http://goo.gl/mDNuMg – one would not know that it’s a phishing website (in this case, a dead link).

Recommendations:

The bottom line is that if you can, avoid clicking on shortened URL links. If you do need to click on shortened links, copy and paste the link into a link lengthener – such as http://longurl.org/, which displays the full version of the links without having to click on it (exists also as a browser extension for Chrome and Firefox).

Finally, we recommend you equip yourself with Avira’s free Browser Safety extension, also for Chrome and Firefox, which blocks infected websites before they load. To learn more about Browser Safety, visit Avira’s website here: https://www.avira.com/en/avira-browser-safety

The post Shortcut Express to Infected & Phishing Websites appeared first on Avira Blog.

Shortcut Express to Infected & Phishing Websites

URL shorteners are a relatively new Internet service. As many social services on the Internet impose character limitations (Twitter is a prime example), these URL are very practical…

For example, you’d spend 64 characters to point to Wiki’s article about URL shorteners: http://en.wikipedia.org/wiki/URL_shortening. With an URL shortener, you can cut that down to 16 characters: http://bit.ly/c1htE.

URL shorteners, however, can be used to hide the real target of a link. Cyber criminals appreciate this “feature” – and use it to hide links to phishing or infected websites. These services usually have terms and conditions comparable to TinyURL:

“TinyURL was created as a free service to make posting long URLs easier, and may only be used for actual URLs. Using it for spamming or illegal purposes is forbidden and any such use will result in the TinyURL being disabled and you may be reported to all ISPs involved and to the proper governmental agencies. This service is provided without warranty of any kind.”

Few seem to care about these terms, which are regularly flaunted in the pursuit of profit. Happily, however, certain services have started to filter shortened links through special services, even if this has so far failed to stem the flow of shortened SPAM URLs.

Below are statistics with the percentage of malicious links identified on 22 popular URL shortener services:

Phishing

Malware

# Shortener % Shortener %
1 tinyurl.com 41.30 k.im 27.87
2 bit.ly 15.29 notlong.com 27.05
3 r2me.com 12.04 tinyurl.com 18.85
4 snipurl.com 7.16 cli.gs 7.38
5 lu.mu 6.50 bit.ly 7.38
6 doiop.com 4.52 doiop.com 4.10
7 notlong.com 3.55 ad.ag 2.46
8 is.gd 1.93 is.gd 1.64
9 tiny.cc 1.81 tr.im 0.82
10 sn.im 1.69 snipurl.com 0.82
11 k.im 0.96 ow.ly 0.82
12 shorl.com 0.66 dwarfURL.com 0.82
13 tr.im 0.60 zi.ma 0.00
14 goo.gl 0.54 u.nu 0.00
15 ow.ly 0.48 tiny.cc 0.00
16 cli.gs 0.30 sn.im 0.00
17 u.nu 0.18 shorl.com 0.00
18 moourl.com 0.18 r2me.com 0.00
19 idek.net 0.12 moourl.com 0.00
20 dwarfURL.com 0.12 lu.mu 0.00
21 zi.ma 0.06 idek.net 0.00
22 ad.ag 0.00 goo.gl 0.00

Source: Avira Virus Lab, taken from the month of July, 2010.

Shortened Links Can Mask A Threat

To give you an example, would you click on the following link?

www.ssl-albion-netbank.com/143.027.902

Probably not… The bank’s made-up name and use of random numbers would rightly give you misgivings. However, under a shortened guise – http://goo.gl/mDNuMg – one would not know that it’s a phishing website (in this case, a dead link).

Recommendations:

The bottom line is that if you can, avoid clicking on shortened URL links. If you do need to click on shortened links, copy and paste the link into a link lengthener – such as http://longurl.org/, which displays the full version of the links without having to click on it (exists also as a browser extension for Chrome and Firefox).

Finally, we recommend you equip yourself with Avira’s free Browser Safety extension, also for Chrome and Firefox, which blocks infected websites before they load. To learn more about Browser Safety, visit Avira’s website here: https://www.avira.com/en/avira-browser-safety

The post Shortcut Express to Infected & Phishing Websites appeared first on Avira Blog.

Google Adds Hardware Security Key For Account Protection

Google is introducing an improved two-factor authentication system for Gmail and its other services that uses a tiny hardware token that will only work on legitimate Google sites. The new Security Key system is meant to help defeat attacks that rely on highly plausible fake sites that are designed to capture users’ credentials. Attackers often go […]

Ebola scams spread faster than actual disease in panic-striken U.S.

shutterstock_204144223 (2)

Cybercrooks use popular stories in the news to deceive people into giving up confidential information.

The dreaded disease Ebola that is spreading rapidly throughout West Africa made landfall in the US recently, and since then many news agencies have sensationalized the “outbreak” with constant coverage. Panic has grown as politicians raise the public’s fears and medical experts are confusing people with contradictory information. These things all combine to create the perfect atmosphere for scammers.

It’s quite common for cybercrooks to use social engineering techniques to fool people during a big news event, and we have seen an increase in phishing attempts. The United States Computer Emergency Readiness Team (US-CERT) issued an alert today to remind users to protect against email scams and cyber campaigns using the Ebola virus disease as a theme.

“Phishing emails may contain links that direct users to websites which collect personal information such as login credentials, or contain malicious attachments that can infect a system, “ says the advisory.

Users are encouraged to use caution when encountering these types of email messages and take the following preventative measures to protect themselves:

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

 

What is Phishing?  

No doubt you have wondered and asked yourself on more than one occasion, what is phishing and how can it affect you.

All of us know that it is some type of scam, although perhaps there are many who don’t know exactly what it is or the techniques used by hackers and cyber-criminals.

So, exactly what is phishing? Basically, also known as email phishing, it involves sending emails, which appear to come from trusted sources, such as banks etc, though really they are aimed at stealing confidential information from users.

These emails usually include a link which when clicked, takes you to a spoof Web page. These pages appear genuine though they are really like a mirror that hides the criminals whose sole aim is to steal your personal data.

The problem is that users think they are in a trusted site and therefore enter the requested data. However, this confidential data will fall straight into the hands of the scammers and can then be used for some type of fraud.

That’s why it is always best to access web pages by typing the address directly in the browser.

what is phishing

How to recognize a phishing message

It’s not always easy to recognize phishing messages, particularly if you are a client of the company from which the message has supposedly been sent.

  • Even though the ‘From:’ field of the message shows the address of the company, it is not difficult for a criminal to alter the source address of the email in any mail client.
  • The email may have the logos and trademarks of the organization, yet these can easily be lifted from the company’s website.
  • The link in the email seems to point to the company’s website, though really it takes you to a fake page which will ask you for your user name, password, etc.
  • Very often these messages contain spelling or grammatical errors that you would not normally expect in official communications from the genuine company.

It’s also important to bear in mind that although phishing has traditionally used email, now, with the increasing popularity of smartphones and social networks, there are new channels of attack.

Another thing to be aware of is that although we normally talk about phishing in the context of banks, cyber-criminals often use any popular website or platform (Ebay, Facebook, Paypal, etc) as bait for stealing personal data.

But remember, no company will ever ask you to send them your personal details via email. If they do, be very suspicious!

Moreover, as a stich in time saves nine, you can always add an extra layer of protection by installing one of our new 2015 antivirus solutions. To do this, all you have to do is visit our free antivirus page and select the one that best adapts to your ideal level of protection.

The post What is Phishing?   appeared first on MediaCenter Panda Security.