LinkedIn URLs are being used for phishing attacks.
Cybersecurity researchers have revealed that attackers are using LinkedIn’s shortened URLs to fool email programmes as well as their victims in phishing attempts. In a blog post, Avanan researchers described how hackers are using LinkedIn’s automatic URL shortening service to create a new credential harvesting operation and how to prevent this from happening. An email was sent out to recipients, inviting them to visit a shortened URL on LinkedIn in order to complete the form with the missing information.
We’re interested in learning how our readers use VPNs with streaming services such as Netflix so that we can generate better content and guidance for them in the future. You will only need to spend less than 60 seconds on this survey, and we would greatly appreciate it if you could share your expertise with us.
After clicking on a link from LinkedIn (lnkd.in) to another website, the researchers determined that “visitors will be transported across multiple redirection before reaching on this phishing page.”
Any employee, according brand hijack Avanan, can be the target of the latest phishing scam, which it refers to as “one of the most sophisticated” it has ever witnessed. During the second quarter of 2021, according to the Check Point Research research noted in the press release cited above, LinkedIn was the sixth most mimicked brand in worldwide phishing assaults.
“On top of that, more staff have access to billing and invoicing information, which means that a’spray and pray’ campaign may be effective,” Avanan says.
When people utilise a URL shortening service, they can easily send potential victims to a malicious website, which isn’t uncommon. During an investigation into a phoney message sent through Facebook Messenger, CyberNews researchers came across this year’s large-scale phishing campaign, which used a URL shortening service to trick nearly 500,000 Facebook users. The campaign used a URL shortening service to trick almost 500,000 Facebook users.
It is in reality well-established that users should refrain from responding to message notifications, receiving emails from unknown sources, or engaging in other forms of online engagement with unknown parties.