Skip to main content

SCAM OF THE WEEK: SHORTENED URLS ARE A SNEAKY SHORTCUT


Posted on Friday, October 1, 2021 in Privacy & Security

Most email clients have filters in place to flag suspicious-looking emails. Unfortunately,Padlock over credit cards cybercriminals always find new ways to bypass these filters. In a new scam, cybercriminals use shortened LinkedIn URLs to sneak into your inbox.

When someone makes a LinkedIn post that contains a URL, the URL will be automatically shortened if it's longer than 26 characters. A shortened LinkedIn URL starts with “lnkd.in” followed by a random string of characters. This feature allows cybercriminals to convert a malicious URL to a shortened LinkedIn URL. Once they have the shortened URL, cybercriminals add it to a phishing email as a link. If you click on the link, you are redirected through multiple websites until you land on the cybercriminals’ malicious, credentials-stealing webpage. 

Don’t fall for this trick! Remember the following tips:

  • Never click on a link or download an attachment in an email that you were not expecting.

  • If you think the email could be legitimate, contact the sender by phone call or text message to confirm that the link is safe.

  • ‚ÄčThis type of attack isn’t exclusive to LinkedIn URLs. Other social media platforms, such as Twitter, also have URL shortening features. Always think before you click!

Back to Top