LinkedIn phishing targeting students

Phishing can come in many guises. People are familiar with emails that ask them to “confirm their details immediately” and know not to click on them. Just as common, though, are social engineering attacks that come through social media, such as Facebook and Twitter. In this case, a community member has reported an event targeting NYU students and alumni via LinkedIn messaging.  Note the initial message which uses urgency and a sort of threat to entice people to click on the link:

(linkedin messaging screen) Seems you have some haters on the NYU Community here is the article (fraudulent tinyURL link)

The link uses a URL shortener to further hide the real destination. If the person does click, they would be taken to a fake Login page , where the URL doesn’t belong to nyu.edu, and the page itself is somewhat suspect. In other cases, the URL may contain “nyu.edu” as part of the address but not the site where the page is hosted, for example: http://www.IamAcrook.com/nyu.edu

page which emulated NYU Login in order to trick people into giving away NYU username and password.

 

So, remember to be careful of unsolicited messages, whatever platform you get them on.