The TinyURL service allows you to enter a long URL, such as one for a particular Google Maps location, and convert it into a short, easy-to-type or e-mail link. Good for sending links – or as Trend Micro reports, for hiding a malicious Web site URL in a phishing e-mail.
Trend says the dirty trick, which it first reported on in February, is becoming more popular and spreading into multiple languages. The ruse is intended to make it more difficult for the wary to immediately peg a link as suspicious when they mouse over it to see where it actually goes.
Of course, you’d probably be just as suspicious if you received an e-mail that purports to be from your bank but uses a TinyURL, but Trend also writes that the technique is being used for IM-based phishing with messages that pretend to come from a friend.
If you suspect that a TinyURL link you’ve received might hide a malicious URL, you can check it out without clicking the link. First copy the link to the clipboard and paste it into your browser’s address bar, or type it in directly. Then type ‘preview.’ directly in front of ‘tinyurl.com’ in the address, so that http://tinyurl.com/g0hz would become http://preview.tinyurl.com/g0hz, for example.
Then hit enter to bring up a preview page, and you’ll see the full URL used for the TinyURL link without actually bringing up the linked-to page. If you want to see if that link has been reported as a phishing site, or if you want to report it as such yourself, cut and paste the (real) link and enter it on http://www.phishtank.com.
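The same rewrite can be done mechanically, for instance by a mail or IM filter that lists preview links for a reader. The Python below is an added example, not part of the original article; it goes one step further than the text by scanning a whole message. The function names, the sample message and the treatment of www.tinyurl.com as equivalent to tinyurl.com are assumptions, and nothing is fetched from the network.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Assumption: the "www." form is treated the same as the bare host.
TINYURL_HOSTS = {"tinyurl.com", "www.tinyurl.com"}
PREVIEW_HOST = "preview.tinyurl.com"  # preview host named in the article

# Loose matcher for link-like tokens in message text, with or without a scheme.
LINK_RE = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}/[^\s<>\"')]*", re.IGNORECASE)


def to_preview(link):
    """Return the preview form of a TinyURL link, or None if it is not one."""
    link = link.strip()
    if "://" not in link:
        link = "http://" + link  # typed-in links often lack the scheme
    parts = urlsplit(link)
    # .hostname drops any "user@" prefix and port, so a link such as
    # http://tinyurl.com@other.example/x is judged by its real host.
    host = (parts.hostname or "").lower().rstrip(".")
    # Exact match only: "tinyurl.com.example.net" is a different site.
    if host != PREVIEW_HOST and host not in TINYURL_HOSTS:
        return None
    if parts.path in ("", "/"):
        return None  # no alias to preview
    return urlunsplit((parts.scheme, PREVIEW_HOST, parts.path, parts.query, ""))


def preview_links(message):
    """Map each TinyURL link found in message text to its preview URL."""
    found = {}
    for match in LINK_RE.finditer(message):
        raw = match.group(0).rstrip(".,;:!?")  # drop sentence punctuation
        preview = to_preview(raw)
        if preview:
            found[raw] = preview
    return found


# Constructed sample message, not taken from a real phishing e-mail.
SAMPLE = (
    "Your account is locked, verify at http://tinyurl.com/g0hz. "
    "Mirror: tinyurl.com.example.net/g0hz or www.tinyurl.com/abc123"
)

if __name__ == "__main__":
    for raw, preview in preview_links(SAMPLE).items():
        print(raw, "->", preview)
```

The look-alike host in the sample is deliberately left out of the result: only an exact host match is rewritten, so a deceptive domain is never presented to the reader as a TinyURL preview.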