LinkedIn URLs are being hijacked for phishing
Is it time to ban shortened URLs?
Cybersecurity researchers have caught attackers using LinkedIn’s shortened URLs in phishing campaigns in order to trick email apps as well as the victims.
Researchers from Avanan have shared details of how hackers are taking advantage of LinkedIn’s automatic URL shortening service to launch a new credential harvesting campaign.
In a blog post, the researchers shared an email that invited recipients to click on a LinkedIn shortened URL to enter missing details.
“The URL (shortened to lnkd.in) passed through the LinkedIn short URL service, leading visitors across several redirects, landing on this phishing page,” the researchers note.
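A mail gateway can check the chain the researchers describe by expanding a shortened link before delivery and comparing the landing host with the brand the message claims to come from. The sketch below is an added example, not code from Avanan or the article; the function names are hypothetical, the redirect table is constructed so it runs offline, and every URL in it is a placeholder built on the lnkd.in host the article names.

```python
from urllib.parse import urlsplit

SHORTENERS = {"lnkd.in"}   # host named in the article; extend per local policy
MAX_HOPS = 10              # assumed cap on how many redirects to follow

# Constructed table standing in for HTTP 3xx Location headers, so the
# example runs offline. Every URL here is a placeholder.
REDIRECTS = {
    "https://lnkd.in/example1": "https://hop-one.example/r?id=1",
    "https://hop-one.example/r?id=1": "https://hop-two.example/go",
    "https://hop-two.example/go": "https://login-page.example/linkedin/",
    "https://lnkd.in/example2": "https://www.linkedin.com/jobs/",
    "https://loop.example/a": "https://loop.example/b",
    "https://loop.example/b": "https://loop.example/a",
}

def host(url):
    return (urlsplit(url).hostname or "").lower()

def on_domain(h, domain):
    """True for the domain itself or a subdomain, not look-alike suffixes."""
    return h == domain or h.endswith("." + domain)

def expand(url, redirects, max_hops=MAX_HOPS):
    """Follow redirects; return (chain, complete). Loops and overlong chains are incomplete."""
    chain = [url]
    while chain[-1] in redirects:
        nxt = redirects[chain[-1]]
        if nxt in chain or len(chain) > max_hops:
            return chain, False
        chain.append(nxt)
    return chain, True

def assess(url, claimed_domain, redirects=REDIRECTS):
    """Flag a link that starts at a shortener and lands off the claimed brand."""
    chain, complete = expand(url, redirects)
    shortened = host(url) in SHORTENERS
    off_brand = not on_domain(host(chain[-1]), claimed_domain)
    return {
        "final_host": host(chain[-1]),
        "hops": len(chain) - 1,
        "suspicious": (not complete) or (shortened and off_brand),
    }

if __name__ == "__main__":
    for link in ("https://lnkd.in/example1", "https://lnkd.in/example2"):
        print(link, assess(link, "linkedin.com"))
```

In a live deployment the table lookup would be replaced by reading each hop's `Location` header without fetching response bodies.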
Brand hijack
Citing a recent Check Point Research report that rated LinkedIn as the sixth most impersonated brand in phishing attempts around the world in Q2 2021, Avanan argues that the latest phishing scam can target any employee.
“Plus, more employees have access to billing and invoice information, meaning that a spray-and-pray campaign can be effective,” believes Avanan.
The use of a URL shortening service to redirect recipients to a phishing page isn’t exactly novel.
Earlier this year, investigating a malicious message sent via Facebook Messenger, CyberNews researchers uncovered a large-scale phishing campaign that used a URL shortening service to trick close to 500,000 Facebook users.
In fact, security researchers have long been advising users against clicking shortened URLs in instant messages, emails, and other forms of online communication from unfamiliar sources.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.