LinkedIn URL Hijackings: Keep Your Data Safe

In phishing campaigns, cybersecurity experts have discovered attackers utilizing LinkedIn’s shortened URLs to deceive email applications as well as their victims. Avanan researchers revealed how hackers are using LinkedIn’s automated URL shortening service to launch a new credential harvesting operation in a blog post. An email was provided that invited recipients to click on a shortened URL on LinkedIn to provide missing information.

We’re interested in how our readers use VPNs with streaming services like Netflix to guide us in developing better content and advice. This survey will take less than 60 seconds of your time, and we’d be grateful if you could share your knowledge with us.

The researchers discovered that “following a link from LinkedIn (lnkd.in) to another website, visitors will be transferred across numerous redirects before arriving on this phishing page.”

Brand hijack

Avanan claims that the newest phishing scam, which it calls “one of the most sophisticated” ever seen, can target any employee. The Check Point Research report mentioned in their press release cited above ranked LinkedIn as the sixth most imitated brand in worldwide phishing attacks during Q2 2021.

“Plus, more employees have access to billing and invoice information, meaning that a spray-and-pray campaign can be effective,” Avanan.

It’s not that unusual for people to redirect potential victims to a phishing page with the use of a URL shortening service. CyberNews researchers discovered this year’s large-scale phishing campaign, which utilized a URL shortening service to trick almost 500,000 Facebook users, whilst investigating a phony message sent through Facebook Messenger.

In fact, experts have long advised individuals against clicking shortened URLs in message notifications, emails, and other types of online interaction from unknown parties.