LinkedIn® has a policy that automatically shortens URLs that are longer than 26 characters. This feature is used to make it easier to read. Here’s an example of what the link will look like:
https://lnkd.in/RndømChar@cter$
These shortened links are being used in phishing emails. Recently Avanan posted the following phishing email, which utilized a shortened URL.
This URL utilized LinkedIn’s short URL service. If clicked, the link would redirect the user to several pages before ending at a phishing page, requesting the end-user to fill out an Information Update Form. This type of form is a common scheme used by cybercriminals to gather credentials. It is important to note that the redirect initially led to a clean page before it eventually went to the phishing page. This clean page is what fools security technologies that are scanning for phishing pages.
We can see how this type of email can be sent to anyone in any industry. Adding a LinkedIn link may be what causes a user to click and trust the link. That being said, remember to be suspicious of any emails sent from strangers. Only open links and attachments in emails that are sent from people you know and trust. Always check and verify the sender of an email. If you were not expecting the email, find a secondary means to reach out to the sender to confirm that they sent the message. Avoid clicking on email links if at all possible. For example, if you receive an email with an alert from your bank, it is better to avoid the links in the email. Instead, open a new browser window and navigate to the bank’s website.
You can report potential phishing and malicious emails with one click from your Fordham email safely and in real-time with the Cofense Reporter Gmail add-on. On web browsers, the Cofense Reporter button (which looks like a fish) will appear on the right side of the page in Gmail, and on mobile devices, it will appear below the opened email. You can learn more about Cofense here: https://secureit.fordham.edu/cofense-reporter/
Remember to reach out to your Fordham IT team if you are unsure about something or have a question or concern. IT Customer Care can be reached by calling (718) 817-3999 or via email HelpIT@fordham.edu.
Sources:
https://www.avanan.com/blog/shortened-linkedin-url-used-for-phishing