Recent Scams Article: Shortened URLs Are a Sneaky Shortcut
Most email clients have filters in place to flag suspicious-looking emails. Unfortunately, cybercriminals always find new ways to bypass these filters. In a new scam, cybercriminals use shortened LinkedIn URLs to sneak into your inbox.
When someone makes a LinkedIn post that contains a URL, the URL will be automatically shortened if it's longer than 26 characters. A shortened LinkedIn URL starts with “lnkd.in” followed by a random string of characters. This feature allows cybercriminals to convert a malicious URL to a shortened LinkedIn URL. Once they have the shortened URL, cybercriminals add it to a phishing email as a link. If you click on the link, you are redirected through multiple websites until you land on the cybercriminals’ malicious, credentials-stealing webpage.
Don’t fall for this trick! Remember the following tips:
- Never click on a link or download an attachment in an email that you were not expecting.
- If you think the email could be legitimate, contact the sender by phone call or text message to confirm that the link is safe.
- This type of attack isn’t exclusive to LinkedIn URLs. Other social media platforms, such as Twitter, also have URL shortening features. Always think before you click!
The KnowBe4 Security Team