LinkedIn Phishing Slink Attack
Hackers have found a new way to trick unsuspecting users into clicking on phishing links. Attackers use a marketing feature on a business networking website that lets them create a LinkedIn.com link that bounces your browser to other websites, such as phishing pages that mimic top online brands. This malicious strategy is called “Slinking”.
LinkedIn Slinking Attacks
LinkedIn has a redirect feature available to businesses that choose to market through LinkedIn.com. The LinkedIn redirect links allow customers to track the performance of ad campaigns while promoting off-site Secondary website links. These links or “Slinks” all have a standard format: “https://www.linkedin.com/slink?code=” followed by a short alphanumeric variable. The first Slink created, http://www.linkedin.com/slink?code=1, redirects to the homepage for LinkedIn Marketing Solutions.
It seems like a good idea for companies that are trying to grow their business, but hackers have infiltrated this tool. The problem is there is little to stop criminals from leveraging newly registered or hacked LinkedIn business accounts to create their own ad campaigns using Slinks. Urlscan.io, a free service that provides detailed reports on any scanned URLs, also gives a historical look at suspicious links submitted by other users. This search via Urlscan reveals dozens of recent phishing attacks that have leveraged the Slink’s feature.
Below is an example from a January 2022 attack, where hackers used Linkedin.com links to redirect users to a site that spoofs Adobe and prompts users to log in to their Microsoft email account (giving your credentials to the hackers) to view a shared document:
Adobe isn’t the only Slink Phishing Attack, URLscan has found more attacks that spoof Amazon, PayPal, and even the Internal Revenue Service (IRS). It’s expected that attackers won’t stop at those domains, especially if the attacks keep on working by fooling unsuspecting users.
One of the security challenges with these attacks is that phishing emails leveraging LinkedIn’s Slinks are unlikely to be blocked by anti-spam and anti-malware filters,. This is because LinkedIn is widely considered a trusted domain, and the redirect obscures the link’s ultimate destination.
How To Avoid Slinking Phishing Attacks
CyberHoot recommends that end-users always follow best practices when dealing with potential phishing emails and LinkedIn Slink attacks by watching out for:
- Poor spelling or grammar
- Unexpected emails
- Generically addressed emails
- Enticing email attachments
- Urgent actions are needed on your part
- Strange-looking links
- Especially if they start with https://www.linkedin.com/slink?code=
If you are still unsure if the link could be malicious, you can use the tool aforementioned, https://urlscan.io/, to see if the link appears to be legitimate or has been involved in an attack in the past for other users.
Additional Cybersecurity Recommendations
Additionally, these recommendations below will help you and your business stay secure with the various threats you may face on a day-to-day basis. All of the suggestions listed below can be gained by hiring CyberHoot’s vCISO Program development services.
- Govern employees with policies and procedures. You need a password policy, an acceptable use policy, an information handling policy, and a written information security program (WISP) at a minimum.
- Train employees on how to spot and avoid phishing attacks. Adopt a Learning Management system like CyberHoot to teach employees the skills they need to be more confident, productive, and secure.
- Test employees with Phishing attacks to practice. CyberHoot’s Phish testing allows businesses to test employees with believable phishing attacks and put those that fail into remedial phish training.
- Deploy critical cybersecurity technology including two-factor authentication on all critical accounts. Enable email SPAM filtering, validate backups, deploy DNS protection, antivirus, and anti-malware on all your endpoints.
- In the modern Work-from-Home era, make sure you’re managing personal devices connecting to your network by validating their security (patching, antivirus, DNS protections, etc) or prohibiting their use entirely.
- If you haven’t had a risk assessment by a 3rd party in the last 2 years, you should have one now. Establishing a risk management framework in your organization is critical to addressing your most egregious risks with your finite time and money.
- Buy Cyber-Insurance to protect you in a catastrophic failure situation. Cyber-Insurance is no different than Car, Fire, Flood, or Life insurance. It’s there when you need it most.
All of these recommendations are built into CyberHoot the product or CyberHoot’s vCISO Services. With CyberHoot you can govern, train, assess, and test your employees. Visit CyberHoot.com and sign up for our services today. At the very least continue to learn by enrolling in our monthly Cybersecurity newsletters to stay on top of current cybersecurity updates.