Advisory on risk of Shortened URLs

Uniform Resource Locator (URL) shortening is a technique used to generate a shorter hyperlink that is more user-friendly, while directing users to the original webpage.

An example: 

You could take a long link such as https://www.moic.gov.bt/dangers-of-short-links-2487975 and use a shortening service to turn it into a short link that looks like https://bit.ly.com/g234. Shortened URLs, such as those from bit.ly or tinyurl, make it easy to type in a web address quickly, but difficult to determine where the web browser will actually direct you.

Risk:

Clicking on dubious shortened links that redirect users to illegitimate websites may allow attackers to carry out malicious acts, such as installing malware and viruses, disrupting your device’s operation, and gathering your personal information.

Security Recommendations:

  • Exercise caution towards shortened URLs, such as those involving bit.ly and tinyurl. We strongly recommend that users hover their cursors over shortened URLs (if possible) to see the full website domain they would be visiting.
  • Only click on URLs that clearly indicate the website domain. When in doubt, users can search for the organisation’s website directly using search engines to ensure that the websites they visit are legitimate.
  • Pay particular attention to any misspelling and/or substitution of letters in the URLs of the websites you are browsing.
  • Look out for valid encryption certificates by checking for the green lock in the browser’s address bar before providing any sensitive information such as personal particulars or account login details. 
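
An added example, not part of the original advisory: a Python sketch of the first and third recommendations. It reveals where a short link leads using HEAD requests only, then flags a destination whose domain is a near-miss spelling of one you trust. The `TRUSTED` list, the `short.example` links, the `m0ic.gov.bt` lookalike and the 0.85 similarity threshold are constructed assumptions.

```python
import difflib
import http.client
from urllib.parse import urljoin, urlsplit

TRUSTED = ["moic.gov.bt", "btcirt.bt"]  # assumption: domains the reader already trusts
# Constructed redirect table standing in for a shortener so the example runs offline.
SAMPLE = {"https://short.example/g234": "https://www.m0ic.gov.bt/login",
          "https://short.example/ok": "/hop2",
          "https://short.example/hop2": "https://www.moic.gov.bt/news"}

def head_location(url, timeout=5):
    """Send one HEAD request; return its redirect target, never a page body."""
    p = urlsplit(url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.netloc, timeout=timeout)
    try:
        conn.request("HEAD", (p.path or "/") + ("?" + p.query if p.query else ""))
        resp = conn.getresponse()
        return resp.getheader("Location") if 300 <= resp.status < 400 else None
    finally:
        conn.close()

def expand(url, fetch=head_location, max_hops=10):
    """Follow redirects hop by hop and return the whole chain, short URL first."""
    chain = [url]
    for _ in range(max_hops):
        location = fetch(chain[-1])
        if not location:
            return chain
        nxt = urljoin(chain[-1], location)  # a Location header may be relative
        if nxt in chain:
            raise ValueError("redirect loop at " + nxt)
        chain.append(nxt)
    raise ValueError("more than %d redirects" % max_hops)

def classify(url, trusted=TRUSTED, threshold=0.85):
    """Return 'trusted', 'lookalike:<domain>' (near-miss spelling) or 'unknown'."""
    host = (urlsplit(url).hostname or "").lower()
    host = host[4:] if host.startswith("www.") else host
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    near = [d for d in trusted
            if difflib.SequenceMatcher(None, host, d).ratio() >= threshold]
    return "lookalike:" + near[0] if near else "unknown"

if __name__ == "__main__":
    for short in SAMPLE:
        chain = expand(short, fetch=SAMPLE.get)
        print(" -> ".join(chain), "|", classify(chain[-1]))
```

For a live link, call `expand(url)` with the default `fetch`, which contacts each hop with a HEAD request and does not download or render the destination page.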

For further information, contact: +975-02-338606, Email: cirt@btcirt.bt
