Would You Click On An Unknown goo.gl?
For those that don’t know goo.gl is one of the many URL shortening services. tinyurl.com and bit.ly are others you might be familiar with.
goo.gl links can be very helpful. First they give you the ability to shorten very long or complicated URLs you need to send, such as taking, https://acc.tsis.net/cart.php?a=add&domain=register to the online domain registration site for Top Speed Internet Service, and turning it into something more manageable http://goo.gl/sUXQtd. Second goo.gl allows for tracking to see how often that particular goo.gl link was clicked on. This is helpful both for marketing purposes as well as sending an important link and wanting to make sure it was actually clicked on.
Back to the question at hand, would you click on an unknown goo.gl link? As I mentioned above many people are using these shortened links for marketing purposes, but just by looking at a goo.gl link you can’t tell where it’s sending you – so is it safe to click on?
Below is an example of spam a customer of ours recently received.
They’ve got her email and obviously from there her name. After that they’ve used some spammer tricks to try and prevent the email from being blocked by spam filters, like using the underscore “_” between home and based and home and working.
That’s obviously picked a horrible email address, but they have used Microsoft 365 to set it up which gives it a certain amount of legitimacy with filters.
And then there’s that goo.gl address. Is it safe to click on? Does it lead to a good URL? A reputable company? Legitimate home based work? The answer to all of those questions is probably no.
The good news is there are services available online to help you figure out exactly where these shortened URLs lead. GetLinkInfo is one of them. Here’s what information I found when looking into this shortened link.
So this is a redirect to a .EU domain, which is the designation for European Union and has the requirement of having an EU presence. This is not as specific as some that say “Registrant or Citizen of an EU country”, but does say the registrant must have some connection to the EU.
At this point most people in America, even those looking for home based work, after finding this is a company with ties to the EU would delete this email and never think about it again. But being curious I took the next step to learn more about this domain.
As expected workathomehere.eu is a newly registered domain name, registered in February 2014 to someone in Belfast, United Kingdom. The IP address associated with the site is reassigned to Staminus Communications, a hosting company with a specialization in protecting and mitigating DDoS and DoS attacks, which makes it pretty funny that a spammer is using their services to spam from. Well not to them; I’m sure Staminus will have them shut down pretty quickly. Spammers are continually trying to work around it, but most hosting companies have a clear Acceptable Use Policy that includes a provision that spamming is grounds for immediate termination of services.
Just another day and another something malicious and interesting arriving to your inbox.
The lesson is don’t mistrust a goo.gl, bit.ly, tinyurl.com, etc just because it’s shortened, but do take the steps to insure your computer and data’s safety.
[whohit]googlLink[/whohit]