Trusted Links Are Not So Trusted Now!
One of the best ways we’ve had of judging whether a direct-message link on Twitter was safe has been careful observation of the URL.
Usually, spammers would either use shorteners to hide the true URL or would use a URL that looked similar enough to the real (safe) one that it would fool the average user.
This has just come to a grinding end…
When I saw the URL Redirection apps begin to turn up in the Facebook application collections, I knew we were about to be in trouble… but I didn’t quite know how it would materialize.
What you see here is a TRUE Facebook link, which cannot be previewed, linking to a URL redirection app that then passes you to a dangerous site (that is not on Facebook).
Two advantages happen here for spammers:
1) Facebook is trusted and people WILL click these links.
2) Twitter isn’t going to block all Facebook links going through DMs.
Because they get passed by infection… one of these links can soon end up being shared by thousands of people and create a very viral mess.
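An added example (not from the original post): a small Python check for the three link patterns described above (shorteners, look-alike hosts, and genuine trusted links that land elsewhere), run over a redirect chain that a link-expanding tool has already recorded. The domain lists, function names and sample URLs are assumptions made up for illustration.

```python
from urllib.parse import urlsplit

# Illustrative lists only (assumptions for this example, not complete).
TRUSTED = {"facebook.com"}
SHORTENERS = {"fb.me", "bit.ly", "t.co"}


def host_of(url):
    """Lower-cased hostname of a URL, without any trailing dot."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def triage(chain):
    """chain: URLs in visit order, message link first, landing page last.

    Returns (findings, final_host); final_host is where the reader
    actually lands, so it is the host to judge.
    """
    first, final = host_of(chain[0]), host_of(chain[-1])
    findings = []
    if first in SHORTENERS:
        findings.append("shortener")
    home = next((d for d in TRUSTED if is_under(first, d)), None)
    if home is None:
        # Brand name inside a host that is not under the brand's domain.
        if any(d.split(".")[0] in first for d in TRUSTED):
            findings.append("lookalike")
    elif not is_under(final, home):
        # Genuine trusted link, but the destination is somewhere else.
        findings.append("offsite-redirect")
    return findings, final


if __name__ == "__main__":
    # Constructed sample: a real facebook.com link that lands off Facebook.
    sample = ["https://www.facebook.com/example.page/app_000000",
              "http://offer.example.net/win"]
    print(triage(sample))
```

A legitimate redirect app, such as a contact tab that forwards to a blog, produces the same offsite-redirect finding, so the finding means the final host is the one to judge, not that the link is malicious.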
So what good are these things anyways?
A safe and logical use of a URL redirection app is my use of the WooBox app to redirect my Contact Me tab to the contact form on my blog. This lets me route all of my incoming messages through my chosen system.
There’s nothing wrong with this type of app… except that, as usual, spammers have to mess it up for everyone.
So now what?
As you can see in the image above, there are plenty of tell-tale signs of nefarious behavior in most problematic DMs.
The first one is very very obviously a phishing scheme. The second one was unsolicited (but not infected) spam that redirected to a CPA offer.
The usual rule of “Think Before You Click” definitely comes into play with these links.
Routinely changing your password and having the HTTPS setting enabled helps thwart some of these dangers.
Unfortunately, we are likely to soon see these same Facebook redirected URLs becoming a challenge on other social sites as well. Keep your eyes open for it.
Please share this with your friends and social channels so we can help minimize the accidental spread of this within our own communities.
~ Kim ~
Simple Tech Tips For Marketing
PS: I did notice that at the moment, spammers are using the more trusted facebook.com URL, which actually has not been shortened by Facebook’s safe-but-less-trusted http://fb.me and URLs. This is likely to change, however, so it cannot be counted on as a litmus test.