Tools for shortening URLs have become very popular in the age of microblogging, but shortening a URL to an incomprehensible code makes it impossible to know what you’re clicking on.
The now quintessential microblogging service is Twitter, which limits messages sent to a group of followers to 140 characters. This makes it difficult to post URLs followed by a long set of parameters. The need to shorten those URLs gave rise to services like tinyurl, is.gd, ping.fm, bit.ly, tweetburner and others.
The consequence was that users had no idea what they were clicking on. That wouldn’t be a huge deal so long as the link comes from a trusted source—someone the person knows and follows, or a friend on a social network. But recently social network accounts—not so much the networks themselves, except in one very embarrassing breach—have themselves become targets because of users’ lack of good security practices.
As is known throughout the hacker community, a simple dictionary attack has a great track record of cracking a large percentage of user passwords. Because it’s so easy, crooks have been hijacking social network accounts and spamming the account holders’ friends, sometimes with malicious intent.
That makes a shortened URL a hacker’s best friend. The recipient trusts the sender and thinks they are being directed to (for example) a CNN news page, but instead finds they have been “Rickrolled,” as it is called now, to a dangerous malware-infested website.
Luckily, there are smart people out there to help. One free tool recently developed is LongURL. At the website, a user can double-check a shortened URL by pasting it into the tool bar. LongURL will return the address the link resolves to, so the user can judge whether or not to click on it. There’s also a Firefox extension that works on mouseover while the user is actually on Twitter and the like, which makes it pretty convenient.
The next thing to do is consider one’s social networking password and make sure the account is not easily hijacked.