LinkedIn Phishing Attacks: How to Spot and Avoid Them
Link previews that do not display fully across various devices risk increasing the spread of misinformation and malicious content, as users may be misled by incomplete or inaccurate previews.
Link Previews and Their Function
Link previews, also known as rich snippets, are automatically generated summaries of a webpage that appear when a link is shared on social media platforms, messaging apps, and other online services. They typically include a title, description, and image, providing users with a preview of the content before they click the link. The Federal Trade Commission (FTC) highlights the importance of accurate link previews for consumer protection.
Detail: These previews are generated by parsing the Open Graph protocol (OGP) meta tags or Twitter Cards embedded in the webpage’s HTML code. If these tags are missing, incorrect, or not properly formatted, the preview may not display correctly, or may not appear at all. Different platforms interpret these tags differently, leading to inconsistencies in how previews are rendered across various services.
Example or Evidence: A website lacking proper OGP tags might display a generic preview with a default title and description, or even a broken image, failing to accurately represent the linked content. This is especially problematic for news articles or websites promoting products or services.
Risks Associated with Incomplete Link Previews
Incomplete or inaccurate link previews can significantly increase the risk of users falling victim to phishing attacks, malware distribution, and the spread of misinformation. The Cybersecurity and Infrastructure Security Agency (CISA) frequently warns of increased cyberattack risks, and misleading link previews contribute to this threat.
Detail: Attackers can manipulate link previews to disguise malicious links as legitimate content. For example, a phishing link might display a preview that appears to be from a trusted source, such as a bank or social media platform, tricking users into clicking the link and entering their credentials. Similarly, a link to a website hosting malware could be disguised with a misleading preview.
Example or Evidence: In December 2023, CISA issued an alert regarding increased phishing attacks during the holiday season, where attackers leveraged deceptive link previews to steal personal information. A user might see a preview claiming a special holiday discount from a retailer, but clicking the link leads to a fraudulent website designed to harvest credit card details.
Mitigation and User Awareness
Users can mitigate the risks associated with incomplete link previews by exercising caution and verifying the legitimacy of links before clicking them. The Federal Trade Commission’s consumer advice provides guidance on identifying and avoiding scams.
Detail: Users should hover over links (on desktop) or long-press (on mobile) to view the actual URL before clicking. They should also be wary of links that appear suspicious, such as those with misspelled domain names or unusual characters. Checking the website’s security certificate (HTTPS) can also help verify its authenticity. Furthermore, users should be skeptical of links received from unknown or untrusted sources.
Example or Evidence: If a link preview claims to be from “PayPa1.com” instead of “PayPal.com,” it is a clear indication of a phishing attempt. Always verify the URL before entering any personal information.
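The checks described above (reading the Open Graph tags a preview is built from, comparing them with the real URL, and spotting a "PayPa1.com"-style domain) can be automated. The following is an added example, not code from the original page; the function names, the `CONFUSABLES` table, the `trusted_hosts` allowlist and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Digit-for-letter swaps seen in lookalike domains (illustrative, not exhaustive).
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})

class OGParser(HTMLParser):
    """Collects <meta property="og:..."> tags the way a preview generator reads them."""
    def __init__(self):
        super().__init__()
        self.tags = {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        prop = a.get("property") or ""
        if tag == "meta" and prop.startswith("og:") and a.get("content"):
            self.tags.setdefault(prop, a["content"])

def host(url):
    h = (urlsplit(url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def check_preview(link_url, html, trusted_hosts):
    """Compare what the preview claims with where the link really goes."""
    parser = OGParser()
    parser.feed(html)
    real, findings = host(link_url), []
    if urlsplit(link_url).scheme != "https":
        findings.append("link is not HTTPS")
    for required in ("og:title", "og:description", "og:image"):
        if required not in parser.tags:
            findings.append(f"missing {required}")
    claimed = host(parser.tags.get("og:url", ""))
    if claimed and claimed != real:
        findings.append(f"og:url host {claimed} differs from link host {real}")
    normalized = real.translate(CONFUSABLES)
    if real not in trusted_hosts and normalized in trusted_hosts:
        findings.append(f"{real} is a lookalike of {normalized}")
    return findings

# Constructed sample page: the tags claim PayPal, the link points elsewhere.
SAMPLE_HTML = """<html><head>
<meta property="og:title" content="PayPal: Confirm your account">
<meta property="og:url" content="https://www.paypal.com/signin">
<meta property="og:image" content="https://www.paypal.com/logo.png">
</head><body></body></html>"""

if __name__ == "__main__":
    for finding in check_preview("http://paypa1.com/signin", SAMPLE_HTML, {"paypal.com"}):
        print(finding)
```

Host comparison here is an exact match after stripping `www.`, so legitimate subdomains must be listed in `trusted_hosts` explicitly.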
