b'LinkedIn Phishing variety of attack vectors. Early in the pandemic, we reported on ways LinkedIn was being used to attack Hackers are using LinkedIn employees who were new to a remote job. Thebusiness tools to create convinc- attackers posed as the new hires IT support and ing and legitimate phishing links.were able to steal business login credentials in the LinkedIn has a legitimate toolattack. that allows businesses to create LinkedIn URL links that link toLinkedIn is also used to scrape personal information Jack Gerbs, Quanexusfrom users. The site faces a difficult balance ofan outside site. These links have been deemed Slinks because the URL code usedpublic information for the benefit of the jobseeker, includes the word. The generic format is https:// and that same information being used to target an www.linkedin.com/slink?code= followed by individual for an attack.numbers and letters. Like most phishing attacks, criminals use a sense of Criminals are setting up new LinkedIn business urgency to try to get users to click the link. Be on the accounts or using hacked accounts to send Slink linkslookout for emails that look legitimate and could in a variety of scams. There are examples of Slinksmake it through your spam filter using Linkedin.com that point to fake IRS pages, Amazon logins, andas the root URL. If the email or text message is PayPal phishing pages. Generally, these attacks arethreatening a grave consequence if you dont click phishing for login credentials or personal informationthe link right away, this should be a red flag to stop, and are dispersed through SMS text message, email,consider the source, and check the legitimacy inand instant messenger.another way .Slinks are an effective phishing tool because LinkedIn is widely viewed as a trustworthy site, so spam filters are unlikely to block the links. Addition-ally, with many people working from home, and looking for remote work, the tactic could be used in a 26'