The language has changed but the modus operandi remains the same. Spammed messages, this time in Spanish, again use TinyURLs to mask the exact destination of the links they contain. Here’s a sample email message:
Figure 1. Sample spammed message.
The message above claims to be from Bancaja, a popular Spanish bank. It tells its recipients that their accounts are temporarily suspended because of possible malicious activities. Users are then told to reactivate their accounts within 24 hours by following the link provided in the message. The exact URL is concealed using TinyURL.
We previously blogged about similar phishing operations that used this exact technique to trick users into thinking links are legitimate:
As TinyURLs become more and more popular, phishers are also exploiting the URL shortening service this said tool provides. They do this make phishing URLs less suspicious and less obvious than using the exact URL, which could be long and totally unrelated to the site a spammed message purports to be from.
The Trend Micro Smart Protection Network already blocks these spammed messages. Ignoring spammed messages keeps systems safe from spam-borne threats. There are also online tools that users could use to verify TinyURLs, like the URL expander offered by http://longurl.org/tools. Substituting preview.tinyurl.com for tinyurl.com also allows users to get a preview of the final link.