Attackers exploit shortened LinkedIn URLs to conduct cyberattacks

March 10, 2023

Earlier this week, scammers were distributing phishing emails that disguise fake URLs behind shortened LinkedIn URLs.

A shortened URL redirects targets to a different site when they open it. A known example of this technique is the use of a TinyURL or a Bit[.]ly link. These links are prevalent across various platforms.

Shortened links are a standard tool in the phishing landscape because they hide the true destination of a link. Additionally, well-known shortening services have become trusted entities among internet users.


The shortened LinkedIn URLs captured the trust of recipients.


According to investigations, the shortened LinkedIn URLs used by scammers have earned the trust of many users because a popular entity appears to be involved in the phishing message.

Miscreants also use this tool to scam Amazon Prime users by sending fake Prime emails.

These emails claim to have been sent from Amazon Prime and include a subject line of ‘New Membership Statement Renewal.’ The email also contains a schedule of the membership renewal date.

The email also displays an “Update Now” button, which shows a shortened URL once a user hovers over it. If an unknowing recipient clicks the button, they are redirected to a fake Amazon login page.

The phishing website then requests that the user provide an email or phone number linked to an Amazon account. Next, the site directs the user to a specially crafted password page based on the information the user provided.

Subsequently, the phishers collect additional personal details by prompting the target to give data such as the mother’s maiden name, phone number, date of birth, address, city, state/province/region, and zip/postal code.

Furthermore, the phishing website also asks for critical information such as credit and debit card details, cardholder name, card number, security code, and expiration date.

Unfortunately, the scam could have a massive impact on a user once they provide all the details for the fake renewal. Cybersecurity experts explained that the details requested in the phishing message are common security questions that scammers could exploit to hijack targeted accounts.
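A mail-filtering check for the pattern described above, in which a button in a message claiming to come from one brand points at a URL shortener, can be sketched as follows. This is an added example, not code from the original article; the shortener list, the `flag_shortened_links` helper, the `claimed_brand` parameter and the sample email body are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Shortener host -> brand that operates it (None = general-purpose service).
# Illustrative list, an assumption of this example; extend it for your mail flow.
SHORTENERS = {"lnkd.in": "linkedin.com", "bit.ly": None, "tinyurl.com": None}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def flag_shortened_links(html_body, claimed_brand):
    """Return one finding per link whose destination is hidden by a shortener."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").removeprefix("www.")
        if host not in SHORTENERS:
            continue
        owner = SHORTENERS[host]
        # A shortener run by a brand other than the claimed sender is the strongest signal.
        foreign = owner is not None and owner != claimed_brand
        findings.append({"text": text, "href": href, "shortener": host,
                         "severity": "high" if foreign else "review"})
    return findings


# Constructed sample body modelled on the email described above (not a real capture).
SAMPLE = ('<p>New Membership Statement Renewal</p><a href="https://lnkd.in/EXAMPLE">'
          '<b>Update Now</b></a> <a href="https://www.amazon.com/help">Help</a>')
```

Calling `flag_shortened_links(SAMPLE, "amazon.com")` reports only the “Update Now” link, rated high because a LinkedIn-operated shortener appears in a message claiming to be from Amazon.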
