## New Service Generates Deceptively Malicious URLs, Raising Phishing Concerns
A recently launched website, PhishyURL.com, allows users to transform legitimate web addresses into convincingly suspicious-looking URLs, security experts warn. The service poses a heightened risk for phishing attacks and could make it more tough for individuals to discern safe links from malicious ones.The tool’s functionality lies in its ability to append lengthy, complex strings of characters and seemingly technical jargon to or else harmless URLs. This obfuscation can bypass basic link previews and fool even cautious internet users. Security researcher Bruce Schneier highlighted the service on his blog on September 25,2025,demonstrating how www.schneier.com can be rendered as https://cheap-bitcoin.online/firewall-snatcher/cipher-injector/phishing_sniffer_tool.html?form=inject&host=spoof&id=bb1bc121¶meter=inject&payload=%28function%28%29%7B+return+%27+hi+%27.trim%28%29%3B+%7D%29%28%29%3B&port=spoof.
The potential impact extends beyond individual users. Organizations relying on URL reputation systems or automated security scans may find these artificially inflated URLs slipping through defenses. As phishing attacks become increasingly refined, tools like PhishyURL.com lower the barrier to entry for attackers and increase the likelihood of triumphant exploitation. The service was initially noted on Boing Boing on September 19, 2025.
The availability of such a service underscores the ongoing need for heightened user awareness and robust security practices. Experts recommend verifying the destination of any link before clicking, even if it appears to originate from a trusted source.
posted on September 25, 2025 at 7:02 AM • 2 Comments
