Thursday, July 16, 2009
Customer self-service and social Web communities like Twitter and Facebook vs. spammers, scammers and hackers
Organizations from large corporations to small medical centers are bridging the gap between their cloud-computing customer service and support contact centers and social Web communities like Twitter and Facebook.
See, for example, https://www.salesforce.com/form/demo/csm_reg.jsp?d=70130000000EoNf
This means that there are new targets for spammers, scammers and hackers.
At the bottom of my May 30, 2009 post I added the following note on full-URL links vs. compressed links:
I've been asked why I didn't use link-shrinkers in earlier posts. Here's why:
First, I should say that there are some things I like about link compression: Some link-shrinkers let you personalize the new address with a unique phrase such as your name, or show you how many people click the link after you've posted it. Furthermore, link compression is just the beginning. More and more of these outfits allow users to see all sorts of details like where a link is showing up around the Web and where the people clicking on it are located.
However, this convenience may come at a cost. The tools add another layer to the process of navigating the Web, potentially leaving a trail of broken links if a service suddenly closes shop. They can also make it harder to tell what you're really clicking on, which may make these Lilliputian links attractive to spammers and scammers.
But popularity and convenience don't eliminate the potential risks of these link loppers. If so many services are springing up, chances are some will just as quickly disappear. And if a URL shortening service goes down, the links created with it could lead nowhere.
Another worry is that you're not likely to know exactly where a truncated link will take you. So you could be directed to unsavory or illegal content or something malicious like a computer worm. This means URL shortening services need to keep an eye on the kinds of sites their users are linking to.
Purveyors of spam and malicious software are taking full advantage of URL-shortening services like bit.ly and TinyURL in a bid to trick unwary users into clicking on links to dodgy and dangerous Web sites. Fortunately, with the help of a couple of tools and some common sense, most Internet users can avoid these scams altogether.
According to alerts from anti-virus vendors McAfee, Symantec and Trend Micro, the latest to abuse these services is the Koobface worm, which targets users of social networking sites like Facebook (Koobface is an anagram of Facebook) and Myspace. It's now also spreading via microblogging service Twitter. Koobface arrives as a message that urges users to click on a link to a video, which invariably leads to a site that prompts the visitor to install a missing video plug-in. The fake plug-in turns the user's system into a bot that can be used for a variety of criminal purposes, from spamming to attacking other computers and spreading the worm.
TinyURL, which is among the longest-running URL shortening services, lets you automatically enable the preview of all shortened URLs. Just visit this page and click the "Enable Previews" link, and from then on TinyURLs will be converted into their longer form when you visit a Web page that features them. You must have cookies enabled in your browser for this setting to take, and you will need to set the cookie for each browser you use.
If you browse the Web with Firefox, there is an add-on called Long URL Please, which currently converts URLs shortened by 72 different services, including bit.ly, cli.gs, digg.com, is.gd, kl.am, ow.ly, tr.im, and tinyurl.com. Long_URL_Please also works in Internet Explorer and other browsers: Simply add their bookmark to your bookmarks, and then click on it when you're at a page that includes shortened URLs to display the long URL.
Firefox users who are familiar with the Greasemonkey add-on may prefer the Tiny URL Decoder script , which also works with a long list of URL shortening services.
Expandmyurl.com is another bookmarklet approach that works across browsers.