Wednesday, October 9, 2019

Beware short URL links to videos!

Using an idea from the KnowBe4 blog, recently I ran a phish test of over 3,000 people that returned a 100% open-to-click rate. That means that every individual who opened the test email clicked the link. I've never seen a click rate that high in my career.

The email was quite simple:

The subject line displayed only the recipient's first name.
The body of the message was this, and this alone:

I saw you in this video!<random 7-character string>.

See the brief article here:

...or here:

Both links above point to the same article, but the second link is a "short URL" that I created on These are also known as "tiny URLs," and they are easily decoded.

If you get an unexpected or unusual text message or email enticing you to click a tiny URL, be sure to decode it at a site like and verify the destination domain is trustworthy before clicking it.