Internet phishers are using shorter Web addresses to make their sites seem more legitimate, says IBM's online-security division. The group observed fraudulent URLs dropping from 30-37 characters to an average of 17, reports CNET. "The fact that they felt the need to make this move suggests that they were seeing diminishing returns," said an IBM specialist.
Still, another security firm warned against presuming sites safe based on URL length. "We need to be careful about security metrics, which might lead users to assume a reliable correlation between the size of an Internet object and its danger," said a rep. He noted that email clients might disguise a malicious URL with a harmless-looking link.