Wednesday, October 9, 2019

Beware short URL links to videos!

Using an idea from the KnowBe4 blog, recently I ran a phish test of over 3,000 people that returned a 100% open-to-click rate. That means that every individual who opened the test email clicked the link. I've never seen a click rate that high in my career.

The email was quite simple:

The subject line displayed only the recipient's first name.
The body of the message was this, and this alone:

I saw you in this video! https://bit.ly/<random 7-character string>.

See the brief article here: https://blog.knowbe4.com/video-becomes-the-next-big-bait-for-social-engineering?utm_content=100985508&utm_medium=social&utm_source=linkedin&hss_channel=lis-TEZp_Z6yIE...

...or here: https://bit.ly/2pVITpD.

Both links above point to the same article, but the second link is a "short URL" that I created on bitly.com. These are also known as "tiny URLs," and they are easily decoded.

If you get an unexpected or unusual text message or email enticing you to click a tiny URL, be sure to decode it at a site like checkshorturl.com and verify the destination domain is trustworthy before clicking it.