Beware of LinkedIn Slinks!

What is a LinkedIn Slink? A Slink is a LinkedIn smart link: a "clean" LinkedIn URL that, when clicked, redirects you to another site. LinkedIn offers this redirect feature to customers who opt to market through LinkedIn, because Slinks give businesses the ability to track their ad campaigns. However, malicious actors may use Slinks in connection with newly registered businesses or hacked accounts to redirect users to malicious sites that mimic legitimate brands and are designed to steal your sensitive information or infect your device with malware.

LinkedIn Slinks are always in the following format: https://www.linkedin.com/slink?code= (followed by a short alphanumeric variable). It's important to note that Slinks redirecting you to malicious sites are unlikely to be blocked by malware protection software and spam blockers, because the link itself uses the legitimate linkedin.com domain name. The following is a urlscan.io analysis example of a LinkedIn Slink phishing spoof of the IRS, which shows the submitted and effective URLs at the top.

To avoid a possible redirect to a malicious web page, it is recommended that you visit a site via an existing bookmark or by typing the site's URL into your browser's address bar. This tip applies to links on any of your electronic devices. It is also always advisable to make sure you've landed on the expected webpage by clicking into your browser's address bar and viewing the URL.
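Because domain reputation alone will not catch a Slink, a mail or proxy filter can instead flag the Slink format described above so the message is reviewed before anyone clicks. The following is an added example, not part of the original article; the function names and the sample message are constructed, and accepting `http` and the bare `linkedin.com` host alongside the documented `https://www.linkedin.com` form is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Matches http(s) URLs in free text; trailing punctuation is trimmed afterwards.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Assumption: treat both the documented www host and the bare domain as LinkedIn.
LINKEDIN_HOSTS = ("linkedin.com", "www.linkedin.com")

def is_slink(url):
    """True if url has the Slink shape: LinkedIn host, /slink path, alphanumeric code."""
    try:
        parts = urlsplit(url)
    except ValueError:          # malformed URL (e.g. broken IPv6 literal)
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    if host not in LINKEDIN_HOSTS:   # exact match, so lookalike hosts are not counted
        return False
    if parts.path.rstrip("/").lower() != "/slink":
        return False
    codes = parse_qs(parts.query).get("code", [])
    return any(c.isalnum() for c in codes)

def find_slinks(text):
    """Return the Slink URLs found in a message body, in order, de-duplicated."""
    found = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:!?)]}")
        if is_slink(url) and url not in found:
            found.append(url)
    return found

# Constructed sample message body (codes are placeholders, not real Slinks).
SAMPLE = (
    "Your refund is ready: https://www.linkedin.com/slink?code=ex4mpl3.\n"
    "Profile: https://www.linkedin.com/in/constructed-user\n"
    "Again <https://www.linkedin.com/slink?code=ex4mpl3> "
    "and http://linkedin.com/slink?code=T3st99&trk=mail\n"
    "Lookalike: https://www.linkedin.com.example.net/slink?code=abc123\n"
)

if __name__ == "__main__":
    for link in find_slinks(SAMPLE):
        print("review before delivery:", link)
```

A flagged link says nothing about its destination; the effective URL still has to be checked, for example with a urlscan.io submission like the one mentioned above.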

For more information, please see Krebs on Security, "How Phishers Are Slinking Their Links Into LinkedIn".