720-891-1663

Best Practices, Breach

If You Click on Bit.ly Shortened URLs, Here is Why You Should Stop. Now.

Leave a comment

In case you still think that clicking on any of those shortened web page links (like http://bit.ly/4wx345) is a good idea, here comes the best reason ever NOT to click on those links.

It appears that the Hillary Clinton email leak may have been caused by clicking on one of those stupid shortened URLs.

The problem with shortened URLs is that you have no clue as to what you are clicking on.  You might think you are clicking on Google when in fact you are clicking on some web site in Moscow or Beijing.

Reports are that the Clinton email leak may have started with John Podesta.  He received an email that looked like a Google security alert.

The campaign’s IT team said that it was real.  Given what little has been released about the email, that seems like a terrible call, but in fairness, I wasn’t there.  The email told him that someone attempted to log on to his account from Ukraine and that he should change his password.

That’s all good except that the email did not come from Google.com but instead from accounts.googlemail.com .  The subject line said Someone has your password.

The email said that you should change your password immediately and a link titled CHANGE PASSWORD shows up – suggesting, not so subtly that John should click on the link.

However, the link was not to a Google page.  Instead it was to a shortened Bit.ly link, so if Podesta clicked on the link – Dell Secureworks says that the link was clicked on twice – he was sent to who knows where – and he may have entered his password, giving it to the Ruskies.

Dell’s Secureworks says that 108 of those emails went out and at least 20 of those links were clicked on.  They say that there were 213 of those Bit.ly links created but some were duplicates.

Secureworks says that the account that created those links belongs to Fancy Bear, one of the names for the Russian, state sponsored, hacking team also known as APT28.  While the US Gov has not officially attributed the attack to Russia, they have, apparently, using Ukraine as a proxy, started hacking back, attacking some of Putin’s staff.

My recommendation is that, if you care about your security, avoid clicking on those links.

If you really  have to click on one of those links, there are a number of services (google expand short url), but I don’t have any specific recommendations for which one is best.

Information for this post came from CNN.

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2024 CyberCecurity, All rights reserved. Privacy Policy