What is Linktree?
Linktree is a landing page service where businesses and individuals can list multiple links on one page. This service is often used on social media platforms like Instagram and TikTok for quick and easy access to various web pages. Common links you may see are blog pages, Amazon storefronts, Etsy shops, etc. However, cybercriminals can also use Linktree to host malicious links to try to steal your personal information.
(Image source: Linktree)
The Scam
You'll receive a notification that a file has been shared with you by someone you know, but it’s actually a cybercriminal in disguise. This notification prompts you to open the file through a link. If you click the link, you’ll be redirected to a legitimate Linktree page that contains a fake Microsoft 365 link. This link will take you to a login page that prompts you to enter your Microsoft credentials. Once you share this information, cybercriminals can use it for their malicious purposes.
Safety Tips
Follow the tips below to stay safe from similar scams:
Never click a link or download an attachment in an email that you weren’t expecting.
Be cautious before you enter your online credentials through a page that came through a direct link. It is best practice to exit the link/email and log in directly from the main website.
Make sure that the sender is actually who they say they are. If the sender claims to be someone you know, contact them in person or by phone to verify. You should also double-check their email address, sometimes hackers can mimic an email and only change one character to fool you.
Source: KnowBe4
