Don’t Fall for the New LinkedIn URL Scam
Cybercriminals are finding new ways to bypass the spam filters that flag suspicious-looking emails. The KnowBe4 Security Team at KnowBe4.com has alerted us about this scam, in which the bad guys are using shortened LinkedIn URLs to sneak into your inbox.
When someone creates a LinkedIn post containing a URL, the URL will be automatically shortened if it is longer than 26 characters. An abbreviated LinkedIn URL starts with “Inkd.in” followed by a random string of characters. This feature allows cybercriminals to convert a malicious URL to an abbreviated LinkedIn URL. Once they have this, then the scammers add it to a phishing email as a link. So, if you click on it, then you are redirected through several websites until you land on the cybercriminals’ malicious, credentials-stealing webpage.
Don’t fall for this trick! Remember the following tips: Never click on a link or download an attachment in an email that you were not expecting. If you think the email could be legitimate, then contact the sender by phone call to confirm that the link is safe. This type of attack is not exclusive to LinkedIn URLs. Other social media platforms, such as Twitter, also have URL shortening features. Always think before you click!