DO NOT CLICK!

So I was listening to the latest PaulDotCom Security Weekly podcast, episode 232, via my SecurityPodcasts Boxee app, where Mike Murr (or Murray, or both?!) was talking about effective phishing and how to be 110% successful.

My phishing experience is minimal, so I decided to find out for myself how easy it is to get people to click on ‘malicious’ hyperlinks. I did this by tweeting the following from my ethicalhack3r Twitter account:

“DO NOT CLICK => http://bit.ly/eIC1Y2”

As you can see, I tweeted the words “DO NOT CLICK =>” followed by a shortened bit.ly hyperlink. I suspect that most of my (at the time of writing) 3000 followers are in some way interested in information security and are well aware of the potential risks of clicking unknown shortened hyperlinks. Or so you would think.

The http://bit.ly/eIC1Y2 hyperlink leads to http://www.ethicalhack3r.co.uk/spam/spam.html which, if you’re too afraid to click on it, looks like this. (There is no reason not to click on the aforementioned link… I swear… no really…)

Want to know how many people actually clicked on that ‘malicious’ shortened bit.ly hyperlink? At the time of writing the link had been clicked 183 times and retweeted 8 times. Wow! 183 clicks! Bear in mind the type of people I suspect follow me, and that I tweeted it just the once, on a Sunday night. To see the stats for yourself: http://bit.ly/eIC1Y2+

Now I suspect most of my followers clicked the link because they knew that I would never really post malicious content, as I have never done so before. However, even if this is the case, who’s to say that my Twitter account wasn’t compromised and a real malicious user was actually trying to compromise my followers?! I suspect some clicked out of sheer curiosity: finding out what is behind that link was worth more to them than the risk of actually getting owned.

There are a couple of ways of protecting yourself from this type of attack:

Keep your software up to date! – http://secunia.com/vulnerability_scanning/online/

Do not click on untrusted hyperlinks no matter who they are from.

Web Exposed Firefox Plugin – https://addons.mozilla.org/en-US/firefox/addon/web-exposed/?src=collection&collection_id=6fa2752d-f181-3d1d-bccf-508f5ff7c939 (thanks to @securityninja for this one)

GetLinkInfo – http://www.getlinkinfo.com/ (thanks to @digininja for this one)
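The expansion trick the last two tools perform (and bit.ly’s “+” page approximates) can also be done locally. The script below is an added example, not code from the original post or from either tool: it follows a shortened link’s redirect chain one hop at a time using HEAD requests, never downloads the final page body, and records every hop so a tracker or a second shortener in the middle of the chain is visible. The hostnames in the built-in redirect table are constructed placeholders standing in for the network; pass a real URL on the command line to resolve it live.

```python
"""Expand a shortened URL hop by hop without fetching the destination page.

Added example (not from the original post). Redirects are followed manually so
every intermediate URL is recorded, loops are detected, and the final body is
never downloaded. A constructed in-memory redirect table stands in for the
network so the example runs offline.
"""
import sys
import urllib.error
import urllib.request
from urllib.parse import urljoin

MAX_HOPS = 10


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from silently following 3xx responses."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def head_location(url, timeout=5):
    """Issue one HEAD request; return (status, Location header or None)."""
    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        # With redirects disabled, urllib raises HTTPError for 3xx replies;
        # the Location header is still available on the error object.
        return err.code, err.headers.get("Location")


def expand_chain(url, resolver=head_location, max_hops=MAX_HOPS):
    """Return the list of URLs visited from `url` to its final destination.

    `resolver(url) -> (status, location)` is injectable so the chain logic can
    be exercised offline. Raises ValueError on a redirect loop or when the
    chain exceeds `max_hops`.
    """
    chain = [url]
    for _ in range(max_hops):
        status, location = resolver(chain[-1])
        if not (300 <= status < 400) or not location:
            return chain  # non-redirect response: this is the destination
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in chain:
            raise ValueError("redirect loop: " + " -> ".join(chain + [nxt]))
        chain.append(nxt)
    raise ValueError(f"more than {max_hops} redirects from {url}")


# Constructed redirect table; every host here is a hypothetical placeholder.
FAKE_REDIRECTS = {
    "http://short.example/abc": (301, "http://tracker.example/r?to=target"),
    "http://tracker.example/r?to=target": (302, "/landing"),
    "http://tracker.example/landing": (302, "http://www.example.com/final.html"),
    "http://www.example.com/final.html": (200, None),
    "http://loop.example/a": (302, "http://loop.example/b"),
    "http://loop.example/b": (302, "http://loop.example/a"),
}


def fake_resolver(url):
    """Offline stand-in for head_location backed by FAKE_REDIRECTS."""
    return FAKE_REDIRECTS.get(url, (404, None))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        hops = expand_chain(sys.argv[1])  # live HEAD requests
    else:
        hops = expand_chain("http://short.example/abc", resolver=fake_resolver)
    for i, hop in enumerate(hops):
        print(f"{i}: {hop}")
```

Run with no arguments to see the constructed chain (shortener, tracker, tracker’s relative landing redirect, final page); with a URL argument it performs real HEAD requests. The hop count and the number of distinct hosts in the chain are often more telling than the final URL alone.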

Posted on 28 February, 2011 by ethicalhack3r

2 Responses to “DO NOT CLICK!”

  1. wilycote

    Lol
    I’m surprised you didn’t get any replies posted after they clicked
    for the record I didn’t! Honest!

    Comment posted on March 19, 2011 at 18:57:28 BST

  2. Alex

    Of course, since you are followed by many people with an interest in security, it’s possible that some of those clicks were from dedicated analysis machines to get a good look at some juicy malware. There ARE actually reasons to knowingly click on malicious URLs.

    I can also use http://bit.ly/eIC1Y2+ to see what the URL is before I click, recognize that it’s likely not dangerous, and see what’s there. Without knowing why and how people clicked on the link, it’s impossible to know if they were being safe or cautious.

    Comment posted on May 13, 2011 at 23:29:33 BST