Twitter is one of the most popular social networks to promote your eCommerce brand and products, and for customer support. It is the world’s fourth-largest social network, it is not surprising that Twitter malware attacks are increasing over the years. Discover in this article how Bitly unleashed the power of malwares on Twitter. Whitout forgetting tips and free plugins to expand shortened links and avoid to be hacked.
When Bitly unleashed the power of malwares on Twitter
Twitter is one of the most popular social networks to promote your eCommerce brand and products, or to bring customer support. It has revolutionized the way millions of people consume news. With 302 million active users, Twitter is the world’s fourth-largest social network, it is not surprising that Twitter malware attacks are increasing over the years.
On Twitter like on many social networks, it’s a common practice to use shortened redirect URLs rather than linking directly to the original URL of a page. This is especially common when character limits are imposed, such as Twitter’s 140 character maximum. The most used tools to shortened urls in Twitter is the famous Bitly addons/website:
Image from: Bitly.com
Many persons are tempted to click without thinking when they see a well writing call-to-action, illustrated with a photo and a link. From a security perspective, blindly clicking on redirect URLs is probably not the best idea, especially if you don’t know the user who shared it. Even a trusted user’s account could be hacked and used to spread malwares.
According to a Kaspersky study, malwares are abundant in Twitter urls. About one on 500 shortened urls’s lead to a malware or a site hosting a malware. On the urls examined, between 100 and 1.000 a day are hosting malware. The most spread malware if a trojan cliker, for about 31% of the malware found:
Image from: wired.com
Let see now how to expand shortened links and avoid to be hacked.
How to expand shortened links and avoid to be hacked?
Thankfully, many URL shortening services offer ways of previewing the full URL before visiting it. There are two ways to expand shortened links : manually with sites that will preview links for you or with addons for your browsers.
Here are a couple of sites that can help you with:
- ToolsVoid: http://www.toolsvoid.com/unshorten-url
- LongURL: http://longurl.org/expand
Theses sites and addons will help you to expand shortened urls for many sites and not only Bitly. As most urls are shortened with Bitly on social networks, I’m giving you a magic trick which requires no plugins or external sites to expand Bitly redirect urls:
[indeed-social-locker sm_list=’fb,tw,li’ sm_template=’ism_template_3′ sm_list_align=’horizontal’ sm_display_counts=’false’ sm_display_full_name=’true’ locker_template=6 sm_d_text='<h2>This content is locked</h2> <p>Share This Page To Unlock The Content!</p> ‘ ism_overlock=’default’ ]
To check a suspicious Bitly shortened link, just copy and paste the bit.ly link into your browser address bar. Then add a « + » after the link and hit Enter. The real url will be revealed with additional information about the link (who share it, when it was generated…) and statistic information.
For example with this article, the shortened link is http://bit.ly/1gUDd5D then add a « + » and you will see that the expand link is https://www.ozon.io/blog/en/twitter-could-be-your-worst-enemy/
Protecting eCommerce endpoints from Twitter malwares
Twitter users follow accounts that they trust. But Twitter malwares create malicious tweets and sends them through a compromised account of a trusted person or organization, followers assume the tweets are genuine.
As we just explained, a shortened url can be used to disguise the underlying address so that followers have no way of knowing if the link is suspicious. It is possible that these urls lead to malicious web pages. If so, when the browser renders the Web page’s content, an exploit can silently download the malware to the user’s computer.
This type of attack increases the need for online shops to prevent from malwares and sophisiticated web attacks before it is too late. To check if your site is already compromised, I advise you OZON Cybersecurity solution that is free to try.
Have you ever been a victim of a compromised short link? If yes, be my guest to post a comment.