How To Vet URL Shorteners #2016CampaignEdition

John Podesta, the Chairman of Hillary Clinton’s 2016 presidential campaign, allowed his Gmail account to be compromised in March 2016. And as a consequence, his correspondence has been in the news throughout the month of October.

Recently, the March 2016 phishing message itself was published.

John Podesta Phishing Message

Do you notice anything odd about the message?

The very first thing that jumps out at me is this: WTF is a Bitly link doing there in what’s supposed to be a message from Google? Apparently, Podesta’s IT guy failed to flag this message as suspicious when he asked about it. A “support message” with a short link should always, always equal a big red flag.

Because first of all, to the best of my knowledge, Google support doesn’t use a URL shortener. And second, even if it did, it would undoubtedly use Google’s own URL shortener service at goo.gl (and not bit.ly).

But the real tragedy of the situation is this… it’s very easy to check bit.ly and goo.gl short links. All one needs to do is to add a “+” to the end of the URL. Adding a plus character to the link in the Podesta phishing message (bit.ly/1PibSU0+) yields this information from bitly.com.

John Podesta Phishing, Bitly URL Info

com-securitysettingpage.tk

A Google account page located on the .tk TLD? No. At this point, anybody should be able to determine it’s a trap.

Also, 2 clicks?

Both of them from the USA. Once by the IT guy and once by Podesta? Not a whole lot of vetting going on here, evidently.
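The vetting steps above, written out as an added example (not code from the original post): it builds the "+" info-page URL for a bit.ly or goo.gl link and checks whether the destination shown there really sits under the domain the message claims to come from. It runs offline, so the destination is pasted in by hand from the info page; the function names and the `google.com` argument are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Shorteners the article names as showing an info page when "+" is appended.
PREVIEWABLE = {"bit.ly", "goo.gl"}

def _split(url):
    """Parse a link, tolerating ones written without a scheme (bit.ly/...)."""
    return urlsplit(url if "://" in url else "https://" + url)

def _host(url):
    return (_split(url).hostname or "").rstrip(".").lower()

def preview_url(link):
    """Return the "+" info-page URL for a short link, or None for other links."""
    host = _host(link)
    if host not in PREVIEWABLE:
        return None
    return "https://" + host + _split(link).path.rstrip("+") + "+"

def belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it.
    A plain substring or endswith test would accept look-alike hosts."""
    return host == domain or host.endswith("." + domain)

def vet(link, destination, claimed_domain):
    """Red flags for a link in a message that claims to come from claimed_domain."""
    flags = []
    if _host(link) in PREVIEWABLE:
        flags.append("short link in a message claiming to be from " + claimed_domain)
    dest = _host(destination)
    if not belongs_to(dest, claimed_domain):
        flags.append("destination %s is not under %s" % (dest, claimed_domain))
    return flags

if __name__ == "__main__":
    link = "bit.ly/1PibSU0"                      # short link from the article
    dest = "http://com-securitysettingpage.tk/"  # host shown on its info page
    print("check first:", preview_url(link))
    for flag in vet(link, dest, "google.com"):
        print("red flag:", flag)
```
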

Amusingly, part of the phishing site can still be viewed via Google Cache.

John Podesta Phishing, Google Cache

It’s a copy of John Podesta’s Wikipedia Page.


