Short links: a hidden risk in your Salesforce environment

Short links in Salesforce cyber attacks

Shortened links can easily disguise malicious destinations, making them potent tools for malware distribution and phishing schemes. The risk increases when the link’s source is dubious, such as a link shared by an unfamiliar external Salesforce user.

Imagine a Salesforce user receiving a shortened link that redirects them to a phishing site designed to harvest sensitive login details, or triggers the download of malware onto their device. This malware could range from ransomware to trojans, with the short link masking the danger and making it harder for users to recognize the threat.

“Prolific Puma”: malicious short link service

In October 2023, Infoblox researchers uncovered “Prolific Puma”, a malicious URL shortening service generating up to 75,000 unique domains. These domains, just a few characters long across various TLDs, led to phishing sites, scams, or further malicious redirects. The network’s complexity, from evasive CAPTCHA challenges to unpredictable redirect patterns, suggested exploitation by several cybercriminal entities.

Mitigating the risk of malicious short links with automation

Vigilance alone is insufficient against the stealth of malicious short links within Salesforce. While online link checking tools exist, Salesforce users should not have to play detective—they need to concentrate on their primary responsibilities.

WithSecure™ Cloud Protection for Salesforce proactively secures your Salesforce environment against these hidden threats. The antiphishing capabilities of the solution scrutinize any short link uploaded. It even performs real-time checks when a user clicks a link. By covering a wide array of popular link shortening services, it ensures that your Salesforce users can work without the added burden of second-guessing every link.