Hi friends!

I am a cybersecurity major and the recent discovery/popularity of the PM links has caused me some concern! I am probably being paranoid but thought to post this just in case!

URLs can be crafted to have malicious scripts tagged onto the end of them that sends your data to the attackers (among other things). The URLs for PMing are crafted by us users so it’s best to check that they are legitimate and not an attacker trying to steal your info. Possible attacks include cross-site scripting (XSS) and cross-site request forgery (CSRF) if you want to look them up.

Even though reddit should be protected against such attacks, we should nonetheless be careful! I would advice against clicking on PM links from users that aren’t flaired, or links from new users. In addition, before clicking on the links, check that the URL doesnt look foreign to you (eg. have excessive characters) and doesn’t have a script attached to the back (they tend to have tags like <script>).

Stay safe folks!