Skip to main content

Phishers using shorter URLs to appear more legitimate

There's an interesting news report from ISS (opens in new tab)- IBM's online security division - that claims to show that phishers are using shorter URLs for their malware sites, in a bid to lend an air of legitimacy to their Web links.

According to ISS' Frequency X blog (opens in new tab), analysts have been observing host names within fraudulent phishing URLs as consistently arriving with lengths of between 30 and 37 characters.

However, in recent weeks, ISS' researchers have noted a significant change with phishing host names shrinking down to an average of around 17 characters.

Ralf Iffert, researcher for ISS's X-Force threat analysis team and author of the Frequency X blog, says that this is another step in the increasingly sophisticated social engineering measures adopted by cyber-criminals.

Phishers "appear to have adopted shorter URLs to avoid the suspicion of their potential victims," he said.

Steve Reddock, senior IT specialist with ISS, is quoted by ZDNet Australia's newswire (opens in new tab), as saying this technique is part of long-term trend by criminals to use a best practice approach to their frauds.

"It has to be making money for them, these groups run very efficient businesses," he told the newswire.

And there's me thinking this phishing lark was small-scale...