LinkedIn Phishing

Hackers are using LinkedIn business tools to create convincing and legitimate-looking phishing links. LinkedIn has a legitimate tool that allows businesses to create LinkedIn URLs that link to an outside site. These links have been dubbed “Slinks” because the URL includes the word “slink”. The generic format is “https://www.linkedin.com/slink?code=” followed by numbers and letters.

Criminals are setting up new LinkedIn business accounts, or using hacked accounts, to send Slinks in a variety of scams. There are examples of Slinks that point to fake IRS pages, Amazon logins, and PayPal phishing pages. Generally, these attacks are phishing for login credentials or personal information and are distributed through SMS text messages, email, and instant messengers.

Slinks are an effective phishing tool because LinkedIn is widely viewed as a trustworthy site, so spam filters are unlikely to block the links. Additionally, with many people working from home and looking for remote work, the tactic could be used in a variety of attacks. Early in the pandemic, we reported on ways LinkedIn was being used to attack employees who were new to a remote job. The attackers posed as the new hire’s IT support and were able to steal business login credentials in the attack.

LinkedIn is also used to scrape personal information from users. The site faces a difficult balance: public information benefits the job seeker, but that same information can be used to target an individual for an attack.

Like most phishing attacks, criminals use a sense of urgency to try to get users to click the link. Be on the lookout for emails that look legitimate and could make it through your spam filter because their links use linkedin.com as the root URL. If the email or text message threatens a grave consequence if you don’t click the link right away, treat this as a red flag: stop, consider the source, and check the legitimacy in another way.
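Because a filter that trusts the linkedin.com host will pass these links, a mail or messaging gateway can instead single out the Slink format itself and treat it as a redirect to an unknown destination. The sketch below is an added example, not code from LinkedIn or from this article's author; the urgency phrases, the `hold`/`review`/`pass` labels, and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Finds http(s) URLs in free text; trailing punctuation is trimmed below.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Illustrative urgency phrases (assumption, not a list from the article).
URGENCY = ("immediately", "right away", "within 24 hours", "suspended", "final notice")

def find_slinks(text):
    """Return the codes of all Slinks (linkedin.com/slink?code=...) in text."""
    codes = []
    for raw in URL_RE.findall(text):
        try:
            url = urlsplit(raw.rstrip(".,;:!?)]}"))
        except ValueError:  # malformed URL, e.g. a stray bracket in the host
            continue
        host = (url.hostname or "").lower()
        # Exact host match so a lookalike such as linkedin.com.<other domain>
        # is not mistaken for a real Slink.
        if host not in ("linkedin.com", "www.linkedin.com"):
            continue
        if url.path.rstrip("/").lower() != "/slink":
            continue
        code = parse_qs(url.query).get("code", [""])[0]
        if re.fullmatch(r"[A-Za-z0-9]+", code):  # "numbers and letters"
            codes.append(code)
    return codes

def triage(text):
    """Return (label, codes): 'hold' = Slink plus urgency wording,
    'review' = Slink only, 'pass' = no Slink present."""
    codes = find_slinks(text)
    if not codes:
        return "pass", codes
    urgent = any(phrase in text.lower() for phrase in URGENCY)
    return ("hold" if urgent else "review"), codes

# Constructed sample messages (not real traffic).
SAMPLES = [
    "IRS notice: your refund is suspended. Verify immediately: https://www.linkedin.com/slink?code=a1B2c3",
    "Here's the job posting we discussed https://www.linkedin.com/slink?code=Zx9Yw8.",
    "My profile: https://www.linkedin.com/in/example-user",
    "Act right away https://www.linkedin.com.lookalike.example/slink?code=abc123",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(triage(msg), "<-", msg[:50])
```

A `review` result does not mean the link is malicious; it means the destination is hidden behind a LinkedIn redirect and should be resolved and checked before the message is trusted.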


Posted by Charles Wright