URL Shortening Services

Threat Level: Low

Threat Type: Malware, Phishing

Advisory Date: 07/13/2023

Description

URL Shortening Services can be used as a method of making long and cumbersome urls easier for users to digest.

They are also often used by malicious actors in attacks such as phishing emails to make users more likely to click on links.

Examples of some URL shortening services are:
bit.ly, tinyurl.com, ow.ly, t.co, goo.gl, amzn.to, youtu.be

A URL shortening service can make a URL like the following:
http://165.124.215.113:5050/extremely/long/URL/?_encoding=UTF8&node=6169741011&fbn=6205177010&ref_=Oct_f_odnav_d_6205177011_4&ph_rd_w=Zop1O&pf_rd_p=cc78c76-75ae-47b4-87de-7865ecbacb24&pf_rd_r=6Y7HCJHGQMGZ9K48032V&pd_rd_r=87558a48-5a80-42b8-9118-f8a1d97c5865&pd_rd_wg=PFX0k

Look look a lot nicer:
https://bit.ly/55tTSX1m

A URL shortening service can also make a malicous website:
www.badguy.com/hackyou

Look a little less frightening:
https://tinyurl.com/goodguy

Phishing Email Example:

Dr. Smith has shared a file with you
Click the link to view the file: https://bit.ly/8tHRT7a

Impact

URL shorteners pose a risk to the University by increasing the likelyhood of users accessing malicious links.

It's important that users are aware of what URL shortening is and how to identify the true destination of a link from an untrusted source.

Resolution

To find the true destination of a link, you may use any of the services below. They are free to use and will take any link and show it's true destination.

https://wheregoes.com/
http://checkshorturl.com/
https://unshorten.it/

Resources

Please contact the IT Support Centre if you have any questions or require assistance:
Email IT.Support@uregina.ca
Phone 306-585-4685
Webform https://www.uregina.ca/is/forms/ticket.html
In Person at ED 137 or Archer Library Commons