[Community-Discuss] Upcoming Abuse Desk Training

[Daniel Shaw]

I am not aware of "documentation" as such (in the sense I understand
documentation in English) or a *definitive* source. This is something
I have picked up from various articles, blogs and podcasts over
time...

It makes sense though, right....

To some degree a URL under a descriptive domain give an indication as
to what I expect to load. I am sure you can argue that, but in general
zoom.com/1234 (or meet.mixp or whatever) is familiar and has some
degree of trust already. Usually a subdomain matching the sender or a
well know brand helps.

There are also checks that could be done on the domain prior to
clicking through, should I choose to do so, if its not known/familiar.

However, http:// alturl (dot) com/ 2r5u3 could literally forward to
*anywhere*. I have no way to know. Clicking that is therefore
dangerous.

In any case, while I did not have a specific reference in mind, as to
me this is a known thing in infosec, a quick google search turns up
many hits.

https://www.helpnetsecurity.com/2018/05/23/url-shortener-cryptojacking
https://thenextweb.com/news/using-url-shorteners-expose-privacy-invasions-malware-attacks
https://cofense.com/url-shorteners-fraudsters-friend/
https://safecomputing.umich.edu/be-aware/phishing-and-suspicious-email/shortened-url-security
https://blog.malwarebytes.com/threat-analysis/2016/01/when-url-shorteners-and-ransomware-collide/

Thats just from the first page of the first google search I tried.

Of course, while shortened URLs are in general dangerous to most
non-tech Internet users, they can be checked if you have a terminal
with curl handy:

```
❯ curl -o /dev/null -s -v http://alturl.com/2r5u3 2>&1 |grep 'Location:'
< Location: https://gouv-bj.zoom.us/meeting/register/tJIqfuyppzwrGNWB6OD779-Thqu0ej0iJJEW
```

The result is really not that long that it would have been an issue to
paste into an email as is.... so why shorten it and obscure it?

On Tue, 11 May 2021 at 21:34, Ish Sookun <ish at lsl.digital> wrote:

>

>

> Grateful if you can point me to the documentation on this.

>

> Regards,

>

> Ish Sookun