Phishers Hide their Hooks in Short URLs

We have recently encountered a more elaborate phishing scheme, one which includes cleverly hidden links.

Some days ago we received an email titled “American Express has an important update for you”. Funny, I don’t recall having an AMEX account… and the email from which the message was sent from was all to suspicious and not connected to AMEX: [communication.4abr7w64haprabracrafray552dreste[at]azurewebsites.net].

Phishing_Email

 

 

Still, I kept reading the message which was all about the new anti-SPAM law:

Effective July 20, 2014, United State’s new anti-spam law comes into effect and American Express wants to ensure that your representative will be able to continue sending you emails and other electronic messages without any interruptions. In addition to messages from your representative, we may also send you other electronic messages, including but not limited to newsletters and surveys as well as information, offers, and promotions regarding our products and services or those of others that we believe you might be interested in (“Electronic Messages”).

The next paragraph contained a request to click an “I Agree” link to express consent to receiving Electronic Messages from AMEX.

The hyperlink points to bit.ly address. Here’s the catch.

We all know that by hovering above a suspicious link we can usually see where it points to, and this is usually different than the link itself (the link could say “americanexpress.com” but hovering above it will show the real address “russianspammers.ru”).

So in this case we cannot simply identify the destination of the link. What can we do?

Simple. Just paste the link address in getlinkinfo.com (or similar service), and voila, you can see the original link (and in this case, with a warning attached).

GelLinkInfo

 

 

 

 

 

So other than the cynical use of anti-SPAM email to actually promote SPAM, the sender cleverly hides the real address inside a URL shortening service, making it more difficult to detect for the unsuspecting eye.


7 thoughts on “Phishers Hide their Hooks in Short URLs

  1. Excellent information – both for user awareness and the validation site. Thanks for sharing. “Knowledge is Power to be shared”

    1. I must have a bad connection. Whats your point? All I can take away from that is the fact SenseCy chose to be fair as my reading your post is proof of that. Hey SenseCy – you all are still producing quality and professional material (unlike some) and thats in addition to some rather demanding conditions. My best to all. greg

  2. I wanted to pass along another site – Quttera. They went out of their way on one occaision to assist me and I am glad I had the chance to pay them back here. In my humble opinion they provide both accurate information, they also provde outstanding service.

  3. Hi All, thanks for your supportive comments!
    Yes, nothing new here, its’ just most people don’t know about this and we try to share our knowledge when we can, even if professionals find it trivial. check our recent post for much more hardcore stuff (frankly, we don’t plan on posting novice/pro related posts, we are mostly guided by what we find…)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s