SCAM OF THE MONTH: Shortened URLs Are a Sneaky Shortcut

Oct 26, 2021

Most email clients have filters in place to flag suspicious-looking emails. Unfortunately, cybercriminals always find new ways to bypass these filters. In a new scam, cybercriminals use shortened LinkedIn URLs to sneak into your inbox.

When someone makes a LinkedIn post that contains a URL, the URL will be automatically shortened if it's longer than 26 characters. A shortened LinkedIn URL starts with "lnkd.in" followed by a random string of characters. This feature allows cybercriminals to convert a malicious URL to a shortened LinkedIn URL. Once they have the shortened URL, cybercriminals add it to a phishing email as a link. Then, if you click on the link, you are redirected through multiple websites until you land on the cybercriminals' malicious, credentials-stealing webpage.

Don't fall for this trick! Remember the following tips:

  • Never click on a link or download an attachment in an email that you were not expecting.
  • If you think the email could be legitimate, contact the sender by phone call or text message to confirm that the link is safe.

This type of attack isn't exclusive to LinkedIn URLs. Other social media platforms, such as Twitter, also have URL shortening features. Always think before you click!
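For mail administrators, the same idea can be checked mechanically. The sketch below is an added example, not part of the original post: it walks an email's text and HTML parts and lists every link whose host is a known shortener. The host list, function names, and sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# lnkd.in is named in the post; t.co is Twitter's shortener.
# Assumption: extend this set with the shorteners seen in your own mail flow.
SHORTENER_HOSTS = {"lnkd.in", "t.co"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

class HrefCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.hrefs.append(href.strip())

def is_shortened(url):
    """True when an http(s) URL's host is exactly a known shortener."""
    try:
        parts = urlsplit(url)  # lowercases scheme and hostname
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False
    host = (parts.hostname or "").rstrip(".")
    return parts.scheme in ("http", "https") and host in SHORTENER_HOSTS

def shortened_links_in_email(raw_message):
    """Return shortener links from the text/plain and text/html parts, in order."""
    found = []
    for part in message_from_string(raw_message).walk():
        ctype = part.get_content_type()
        if ctype not in ("text/plain", "text/html"):
            continue
        # decode=True undoes base64 / quoted-printable; URLs are ASCII, so
        # decoding as UTF-8 is enough for any ASCII-compatible charset.
        body = (part.get_payload(decode=True) or b"").decode("utf-8", errors="replace")
        if ctype == "text/html":
            collector = HrefCollector()
            collector.feed(body)
            urls = collector.hrefs
        else:
            urls = URL_RE.findall(body)
        found.extend(u for u in urls if is_shortened(u))
    return found

# Constructed sample message (not a real phishing email).
SAMPLE = ("Subject: Updated policy\nContent-Type: text/html; charset=utf-8\n\n"
          '<a href="https://LNKD.in/EXAMPLE1">Review</a> <a href="https://www.example.com/help">Help</a>\n')
```

Legitimate mail also uses shorteners, so treat the result as a list of links to review before clicking rather than as proof of phishing.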