Researchers at Web of Trust found that 5% to 10% of shortened URLs point users to malicious sites. Should enterprises...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
educate users to not click on shortened URLs? Do any antimalware products scan shortened URLs for malicious intent?
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
Web of Trust (WOT) researchers published a detailed analysis of shortened URLs pointing to malicious URLs. They found that anywhere from 5% to 91% of shortened URLs, depending on the service and country, point to unsafe websites. The more common URL shorteners appear to have the lowest percentage of malicious short URLs, whereas 91% of the websites linked to by shortened URLs from .ac (Ascension Island) domains were rated poorly.
Enterprises can educate users to critically evaluate shortened URLs, websites, emails and other messages, but this may not be an effective way to prevent users from clicking on a malicious short URL. Some of the same issues are found in malicious QR codes, where a user can't distinguish the destination URL from the short URL. WOT offers a free browser add-on that can help protect against unsafe websites. There are some other technologies beyond the WOT browser add-on, including browser add-ons that display the full URL for a shortened URL, that can check the reputation of the destination website. Some antimalware products do scan URLs, including shortened URLs, for malicious intent. All of these technologies can provide additional protection in case a user clicks on a malicious URL.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
Locky ransomware has borrowed features from Dridex malware, which focused on attacking banks. Expert Nick Lewis explains Locky's techniques and how ...continue reading
The Mazar malware can wipe an entire Android device once it has been installed. Expert Nick Lewis explains how this malware works, and how attacks ...continue reading
MouseJack, a wireless mouse and keyboard security flaw, allows attackers to type malicious commands. Expert Nick Lewis explains how enterprises can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.