About Cofense
About Cofense
Free Tools
Free Tools
Build Resilience
Create Transparency
Speed Response

Welcome to the Cofense Blog

Get the latest information on phishing threats and trends, BEC, ransomware and credential phishing, plus Cofense product updates.

Follow us on Social Media

With Shutting Down, Will Attackers Move to Less Transparent URL Shorteners?

Google recently announced it was shutting down, its URL shortener service. Going forward, you’ll find short-link provisioning in Google’s Firebase mobile and web application platform.

So why are we writing about this?

CofenseTM has blogged about attackers using shorteners to mask a phishing link’s destination—typically a link delivering malware or tricking people into giving up credentials on a fraudulent page., along with and a few other services, has helped security teams preview the destination of  shortened links by adding a + to the end. It’s a big help when investigating links for potential malicious activity.

As retires, will attackers move to other platforms that lack this kind of transparency? Attackers who no longer use links anonymously may well seek alternatives. They have plenty of options.

You have options, too. You can check shortened URLs using link expander services. The expanded URL reveals the true destination. This article in Connect (NYU) is a good overview on using expander services:

And you can always rely on good old common sense. If an email looks weird, report it. Don’t take any chances!

To learn more about attackers using shortener services to camouflage attacks, read this Cofense analysis.