Phishers Shorten their URL to Look More Convincing
Phishers are using shorter URLs by reducing the number of letters in the address to appear more convincing, according to IBM's online security unit, the Internet Security Services.
In the last few months, X-Force analysts at Kassel-based ISS have been noticing that host names in the fraudulent URLs consistently contain 30 to 37 characters. In the past few weeks, however, the ISS X-Force found a significant change: the length of the phishing URLs shrank to around 17 letters.
This shortening of URLs has resulted in less variation in the host names. But the number of new domain names that produce the shortened URLs hasn't decreased. In fact, several hundred new domains are being generated every week on average. The volume of spam mail intended for phishing hasn't decreased either. It continues to arrive at an average rate of 0.2% to 1.6% of total spam.
The overall volume of phishing attacks did not decrease but phishers seem to be using shorter URLs in an attempt to look more convincing to their victims. This implies that the chances of using the same host name in a number of phishing e-mails have gone up.
Steve Reddock, Senior IT Specialist for ISS, said that while phishers keep testing new techniques, those techniques usually remain in use for only a brief period. CnetNEWS published this on December 3, 2007. However, the latest trick of using compressed URLs has been around long enough to describe it as a favorite practice of online fraudsters.
According to Reddock, users are now more wary of harmful links, which has reduced revenues for phishers and prompted the criminals to find new approaches.
Paul Ducklin, head of technology for the Asia-Pacific region at the security company Sophos, said that both security firms and users should be cautious about making assumptions that depend on the size of the URL, short or long. CnetNEWS published this on December 3, 2007.
Cautious users might reliably correlate the length of a URL with its risk. But certain e-mails could show a fake URL with a completely different look, apart from its deceptive length, Ducklin said.
» SPAMfighter News - 15-12-2007