Phishers are using shorter URLs for malicious sites in a bid to lend an air of legitimacy to threatening links.
Internet Security Services, IBM’s online-security division, claims to have noticed a significant drop in the number of characters used by fraudsters in their phishing URLs.
A post on ISS’s Frequency X blog stated that “analysts have been observing host names within fraudulent phishing URLs consistently arrive with lengths of between 30 and 37 characters”; observers “have noted a significant change” as phishing host names have shrunk down to an average of only 17 characters in recent weeks.
Ralf Iffert, researcher for ISS’s X-Force threat analysis team and author of the Frequency X blog, believes this is another step in the increasingly sophisticated social-engineering measures adopted by cybercriminals.
Phishing, Hacker, URL, Spam, Malware, Malicious site