The Ministry of Interior’s Anti-Cybercrime Department on July 23 warned the public of nefarious, tech savvy opportunists who use URL shortener services to direct people to phishing websites that steal personal information, or initiate malware downloads.
The department reported a surge in malware peddlers using URL shorteners in disguised attacks targeting iOS and Android, urging the public not to click on links from unknown sources.
URL shorteners mask the original link completely, which nefarious individuals can use to their advantage to lure unsuspecting victims to phishing or malware-infected websites, it noted.
Scammers can use malware to create fake events in iOS and Android calendars that bring up monetised ads or porn images, it said, warning that Android users were especially vulnerable due to the operating system’s reliance on an open-source code.
The department cautioned that AdBlock, which purportedly stops browsers from downloading malicious ads, could be manipulated to display messages prompting users to visit malware-infected websites.
According to the team behind AdBlock, the browser extension is an open source software, “which means that anyone can take our code and use it for their own, sometimes nefarious, purposes”.
“The official browser extension stores and our website, https://getadblock.com, are the only safe places to get AdBlock,” it said.
The department urged caution when dealing with links on mobile devices. “Don’t click the links that have no clear sources, in order to avoid taking malware into your phones or your data being stolen.”
SecurityMetrics Inc security analyst David Page cautions that mobile devices are generally not as secure as computers.
“The same security measures that companies use for workstations and servers usually aren’t in place for mobile devices. Because of this, mobile devices may not be protected by things like firewalls, encryption or antivirus software,” he said.