page =
url = https://krebsonsecurity.com
krebs on security – in-depth security news and …
At issue is a “redirect” feature available to businesses that chose to market through LinkedIn.com. The LinkedIn redirect links allow customers to track the performance of ad campaigns, while promoting off-site resources. These links or “ Slinks ” all have a standard format: “https://www.linkedin.com/slink?code=” followed by a short alphanumeric variable.
Here’s the very first Slink created: http://www.linkedin.com/slink?code=1, which redirects to the homepage for LinkedIn Marketing Solutions .
The trouble is, there’s little to stop criminals from leveraging newly registered or hacked LinkedIn business accounts to create their own ad campaigns using Slinks. Urlscan.io , a free service that provides detailed reports on any scanned URLs, also offers a historical look at suspicious links submitted by other users. This search via Urlscan reveals dozens of recent phishing attacks that have leveraged the Slinks feature.
Here’s one example from Jan. 31 that uses Linkedin.com links to redirect anyone who clicks to a site that spoofs Adobe , and then prompts users to log in to their Microsoft email account to view a shared document.
A recent phishing site that abused LinkedIn’s marketing redirect. Image: Urlscan.io.
Urlscan also found this phishing scam from Jan. 12 that uses Slinks to spoof the U.S. Internal Revenue Service . Here’s a Feb. 3 example that leads to a phish targeting Amazon customers. This Nov. 26 sample from Urlscan shows a LinkedIn link redirecting to a Paypal phishing page. Continue reading →
How Phishers Are Slinking Their Links Into LinkedIn