…if Cory Doctorow can. I agree with the commenter who says that URL shorteners are evil. I’m always nervous about clicking on them, because there’s no way to tell where it’s going to take you.
6 thoughts on “Anyone Can Get Phished”
Comments are closed.
“URL shorteners are evil. I’m always nervous about clicking on them, because there’s no way to tell where it’s going to take you.”
Then don’t.
You may be in a situation where sometimes you have to – for your work – but I won’t click on them, or for that matter most links that arrive in my inbox (unless it’s something I sent from work to home to save for some reason).
And that includes links from people I know. It’s just not worth it.
And evil on another level are urls that are so long they do not fit in a browser address bar usually ending with a long combination text and number string. National Review is one of many sites that use that type.
Ultimately the net has to be policed or it will become unusable. I would start by charging a minuscule price for sending e-mail. Say a thousandth of a cent for each one. I would stop right there if it did the trick. Based on what I have read about the economics of spam that might be good enough. I am open to suggestions but something needs to be done!
I have to disagree.
Doctorow was stupid. He didn’t check the URL for the login page before entering a password. Dumb dumb dumb! The URLs for anything else are not that important (unless you have a buggy browser), but login screens … damn. I was playing around with password phishing on the university’s PDP11 in 1981. This is not a new thing, guys.
Twitter *never* throws up a login screen like that. If you try to do something without being logged in then it shows you the public view of that thing — which might be “You need to log in to see that”.
URL shorteners are very useful, especially on a limited length system such as Twitter.
They’re also very handy when sending links to people whose email program is likely to break the link, or whose browser does not automatically remove line breaks from a pasted link.
All the URL shortening services with which I am familiar provide a way to see where you’ll go to before you go there. e.g. I usually use is.gd. Adding a “-” to the end of a URL takes you to an information page about it. So http://is.gd/cVVwy takes you directly while http://is.gd/cVVwy- takes you to the preview page.
But all this is irrelevant. No harm can come of clicking on a URL unless you do something stupid such as enter confidential information afterwards.
Doctorow, being a self important jerk, considers himself the end all and be all of the net. it’s amusing to see this jerk getting hoisted upon his own over inflated ego
Like Bruce Hoult says, anyone can get phished if you don’t pay attention to what you’re doing. And that is.gd thing is the bomb — I’m going to use that from now on. I’ve been using bit.ly for Twitter though I really don’t like url shorteners for the reason Rand said — you don’t know where they are taking you. I don’t use them for anything else, though. I hate when people use them in blog comments and posts. It’s unnecessary since there isn’t a tiny character limit in such instances.
Oh, and having read the whole article, “I thought phishers only targeted naifs”… and not Important Knowitalls like Cory Doctorow? He doesn’t know a whole lot if he thinks phishers even care who they target. In fact, aren’t they just bots set to randomly email/IM/whatever anyone and everyone? Does he actually think that there’s a boiler room somewhere in Lagos full of cackling evil trolls laboriously typing up each and every phishing message?