b'THE OFFICIAL NFBA MAGAZINECYBERSECURITY: LINKEDIN PHISHINGBUSINESSSECURITYBy: Jack GerbsQuanexusH ackers are using LinkedIn business tools tonew to a remote job. The attackers posed create convincing and legitimate phishingas the new hires IT support and were able links. LinkedIn has a legitimate tool thatto steal business login credentials in the allows businesses to create LinkedIn URL links thatattack.link to an outside site. These links have been deemedLinkedIn is also used to scrape personal information Slinks because the URL code used includes thefrom users. The site faces a difficult balance of public word. The generic format is https://www.linkedin. information for the benefit of the jobseeker, and that com/slink?code= followed by numbers and letters.same information being used to target an individual Criminals are setting up new LinkedIn businessfor an attack. accounts or using hacked accounts to send Slink links in a variety of scams. There are examples of Slinks thatLike most phishing attacks, criminals use a sense of point to fake IRS pages, Amazon logins, and PayPalurgency to try to get users to click the link. Be on the phishing pages. Generally, these attacks are phishinglookout for emails that look legitimate and could make for login credentials or personal information and areit through your spam filter using Linkedin.com as the dispersed through SMS text message, email, and instantroot URL. If the email or text message is threatening a messenger. grave consequence if you dont click the link right away, Slinks are an effective phishing tool because LinkedInthis should be a red flag to stop, consider the source, is widely viewed as a trustworthy site, so spam filtersand check the legitimacy in another way.are unlikely to block the links. Additionally, with many people working from home, and looking for remote work, the tactic could be used in a variety of attack vectors. Early in the pandemic, we reported on ways LinkedIn was being used to attack employees who were 18 / FRAME BUILDER - AUG2022'