Less than 1% of shortened URLS on Twitter are malicious.
Security researchers at Zscaler Inc. scanned 1.3 million shortened URLs posted on Twitter, and discovered that less than 1% (773) of those links led to malicious pages.
The security firm’s analysis was conducted before Twitter’s Trust and Safety team launched a new service to protect their users from phishing tactics and other “deceitful attacks.” The service scans all URLs posted in tweets, searching for malicious content.
In a blog post, Zscaler’s Julien Sobrier wrote that 92% of the 773 malicious links led victims to sites serving up malware, and 5% led Twitter users to phishing sites. Popular URL shortening service, Bit.ly holds the dubious distinction of hosting the most malicious URLs. The URL shortener accounted for 40% of the potentially dangerous links posted via tweets on Twitter.
It does not look like bit.ly’s phishing and malware protection is making it any safer than other URL shorteners.
In the past Twitter has been scrutinized for being a tool for phishers and cybercriminals attempting to lead users to malicious websites. However, Zscaler’s research proves the contrary. In fact clicking on a URL through Google is more likely to direct users to a malicious site, Sobrier said. Zscaler’s scan only searched for phishing sites, malware, anonymizers and exploits, but did not conduct a search for spam.
Twitter’s Trust and Safety team says they will be able to “detect, intercept, and prevent the spread of bad links across all of Twitter. Even if a bad link is already sent out in an email notification and somebody clicks on it, we’ll be able keep that user safe. “
Sobrier said the only way to protect end usrs is through real-time scanning of both URLs and content.