URL.ie Blog

May 12, 2011
“Why was my [Facebook/CraigsList/Yahoo/etc.] access blocked?”

# Category: Tips      

A common question we get asked is why one’s access to a web service was blocked. The short answer is that we blocked the short web address (URL) on our service because it linked to a phishing, or fake, site. The longer explanation is as follows!

Some not-so-nice person, somewhere, created a phishing site designed to trick innocent users into providing their login details for a popular web site, or web service, such as Facebook.

That person then used our free URL shortening service to create a short URL pointing to their new fake site, and included it in an email worded to trick you into visiting that address to rectify some problem, or validate your account. Often it’s worded as an urgent security notice, or an important upgrade. To make it harder to detect, they use a forged “from” address to make it look as if the email came from Facebook (or whatever site is being attacked).

Now, replace that person with a botnet to do the dirty work en masse, and it becomes easy to send millions of mails in the hope that just a handful of recipients will fall for the trick.

We work very hard on preventing the creation of such short URLs. We can quickly identify most botnet patterns and block them before they ever get a short URL to send in an email. We prevent tens of thousands of such requests every day. However, there are some clever tricks used that we can’t spot straight away, which means we only get to block the URL a couple of minutes, or hours, later. That’s too late to prevent the short URLs being sent in an email, which means that by the time you get the email, the URL will likely have been blocked, leading to the blocked message that you see on our website.

So, it’s not that your Facebook/other site’s account is compromised, or blocked in any way. It’s just that someone tricked you into thinking it was a legitimate email about your account, and that email led you to a URL created on our free service. However, that URL has since been blocked because it was identified as pointing to a fake/phishing website, which is why you see the message.

On one hand, you can consider yourself lucky that we blocked the URL, so you didn’t hand over any personal details to the fake site. On the other hand, we’re sorry it got to the stage that our service could be used in such a way in the first place. Most of our development effort goes into identifying patterns of such abuse to prevent it (rather than just relying on blocking it later). We think we fare well compared to our bigger competitors in this regard, if it’s of any consolation.

Always check the address of any link you click in an email, even if it appears to be from a friend/colleague.


