The How & Why of “+ Link” - a URL shortener that fights phishing
Few things fascinate people as much as magic tricks do. They are wonderful, intriguing, sometimes a little spooky and all in all delightfully entertaining, as long as you are comfortable that the magician has civil intentions. The moment there is a shred of evidence to the contrary, the whole thing becomes frightening. You know just as well as I do, how incredibly vulnerable we really are to this phenomenon, and that is good, because it makes us pay attention. But if you are not even expecting a magic trick, just going about your normal day-to-day, chances are you are going to fall for it. It is only the clumsiness of the magician or random fluke that might help you spot the telltales of a scam and get you into that much needed heightened awareness mode you need to dodge the attack.
Phishing works because it is essentially an unannounced magic trick: It catches you off-guard, diverts your attention and determines you to take an action that you would normally not do. If only you had all the information… If only you had seen the signs… But you can’t, because they know the times of day when you are too stressed or too relaxed to pay attention, they know the triggers that makes you jump to action and they know that once your brain has taken a decision, it will not go back to re-evaluate the information, it will be driven by expectation. And if they can meet or fake that expectation, they come out victorious so smoothly, that sometimes you won’t even know it.
But as effective as it is, phishing is hard. It only works as long as conditions are perfectly met along the chain. Make a mistake at any point and people will recognize the sign and evade the scam.
The concept behind + Link is to give phishers an even harder time by disrupting this cycle, thus giving you the chance to snap out of the spiral and stop before it is too late.
Many mail clients will show the full URL as a safety measure, so phishers often use link shorteners which are extremely effective in hiding the destination. Since the link points to a short link, the destination is obfuscated. With all the social media activity we are used to short links. This is recomforting for the brain, sending it own the rabbit hole of diversion.
This is why I created + Link (https://plus.link). It is not so much an link shortener as it is a “Content Analysis Tool” with link shortening functionality. When you shorten a link, it will find the real destination, even through multiple redirects, analyze the type of connection, the identity (owner) of the site, the content of the destination, compares it to known good and known bad sites and gives you, and those you share the link with, a chance to review all that information instead of blindly redirecting. The logic is that if that site is not what you expect it to be, you become more aware, more informed and thus stand a better chance to not be tricked.
Of course, in order for this to work, you need to actually to receive a + Link URL, but you can pay it forward. Send your friends short links via + Link, and then, they will likely pay the favor back to you. You can even do it if you receive a short link via a different site. Just run it via + Link and you’ll end up with the same destination, but with more visibility and control.
So try it, see how it works and if you like it share it with your friends.
Enjoy,
Stefan
PS: Please let me know what you think, what you like, what you don’t, what is missing. And btw, it’s still beta, so there may be bugs. I appreciate your patience and understanding.
