When phishing runs over LinkedIn short URLs

Yesterday we received a phishing email targeting Apple Store users.

The email, written in English, asked for payment for a movie pre-order. The HTML of the email body hid a phishing URL under “Review and cancel here”.

As shown in the picture above, the phishing URL passed through LinkedIn's infrastructure, or more precisely through the LinkedIn short URL service, and led visitors across several redirect URLs to land on a phishing page that was not available at the time of our check.

The point was not the phishing itself, but the use of a LinkedIn URL.
As written in LinkedIn Help, when users share URLs longer than 26 characters, LinkedIn automatically shortens them.

Short URLs are available in the short form

https://lnkd.in/aB-cDeF

but can also be invoked as

https://www.linkedin.com/slink?code=aB-cDeF

In this last form the URL's power to deceive is very dangerous: it is enough to think of phishing that targets LinkedIn users and is built in that form.

So we suggest warning employees and managers about this issue.
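
A mail filter or triage script can also flag both forms of the short URL so that a link on the `www.linkedin.com` host is treated as an opaque redirect rather than a trusted destination. The following is an added example, not code from the original post; the sample HTML is constructed, and the names `linkedin_short_code`, `LinkCollector` and `find_linkedin_redirectors` are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample body modelled on the email described above.
SAMPLE_HTML = """
<a href="https://lnkd.in/aB-cDeF">Review and cancel here</a>
<a href="https://www.linkedin.com/slink?code=aB-cDeF">View order</a>
<a href="https://lnkd.in.example.net/aB-cDeF">Lookalike host</a>
"""

def linkedin_short_code(url):
    """Return the code if url is a LinkedIn short URL in either form, else None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed href: nothing to flag
        return None
    host = (parts.hostname or "").lower().rstrip(".")
    path = parts.path.rstrip("/")
    if host == "lnkd.in" and path.count("/") == 1 and len(path) > 1:
        return path[1:]
    if host == "www.linkedin.com" and path == "/slink":
        codes = parse_qs(parts.query).get("code")
        return codes[0] if codes else None
    return None

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def find_linkedin_redirectors(html):
    """Return [(href, anchor text, code)] for links that go through the shortener."""
    collector = LinkCollector()
    collector.feed(html)
    return [(h, t, c) for h, t in collector.links
            if (c := linkedin_short_code(h)) is not None]

if __name__ == "__main__":
    for href, text, code in find_linkedin_redirectors(SAMPLE_HTML):
        print(f"LinkedIn redirect code={code!r} text={text!r} href={href}")
```

Normalising both forms to the same code lets one block-list or sandbox verdict cover a short link however it is written.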