Gmail can identify and expand links behind shortened URLs (e.g., bit.ly, goo.gl) to check if the destination is malicious. URL shorteners are commonly used in phishing campaigns to obscure the true destination of a link.
Risk
Without shortened URL scanning, attackers can use URL shortening services to hide malicious destinations in phishing emails. Users cannot visually verify where the link leads, increasing the success rate of phishing and credential harvesting attacks.
Run this check with the Prowler CLI:
prowler googleworkspace --checks gmail_shortener_scanning_enabled
Recommendation
Enable identification of links behind shortened URLs so that Gmail can expand and scan shortened links for malicious content before users interact with them.
Remediation
- Sign in to the Google Admin console at https://admin.google.com
- Navigate to Apps > Google Workspace > Gmail
- Click Safety > Links and external images
- Check Identify links behind shortened URLs
- Click Save
Resource Type
NotDefined
Related To
- gmail_external_image_scanning_enabled
- gmail_untrusted_link_warnings_enabled