Hackers are using LinkedIn smart links to target users in phishing attacks
If you have a service that lets you contact people, you can bet that hackers will try to abuse it to deliver malware or steal login credentials and other personally identifiable information.
An example: LinkedIn Smart Links. The tool, offered as part of the professional social network’s Sales Navigator service, allows business accounts to contact other LinkedIn users through trackable “smart” links. This lets the sender see who interacted with the messages and how – very useful for testing and refining a pitch.
However, cybersecurity researchers at Cofense report a recent surge in phishing messages sent via the LinkedIn platform: around 800 emails were sent between July and August 2023, using approximately 80 unique Smart Links.
Stealing accounts
The messages are your usual phishing copy – related to payments, human resources and hiring, important documents, security notifications and the like. The messages also contain an embedded link or button that redirects the victim from the “trusted” LinkedIn message to another location.
To send these messages, the attackers must have access to LinkedIn Business accounts. In some cases, they use newly created accounts or accounts stolen in previous attacks. The victims are mainly financial, manufacturing, energy, construction and healthcare companies. The aim of the campaign is to steal Microsoft account credentials.
By abusing LinkedIn, the attackers can bypass the email security services that most victims have set up and have their messages delivered straight to the inbox. Because LinkedIn is generally considered a secure platform, most email security tools allow messages from the domain to pass through.
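The bypass described above works because mail filters judge a link by its first hop: the visible URL sits on an allowlisted domain, while the Smart Link redirects the reader somewhere else. One defensive check is to resolve the whole redirect chain before deciding, and flag any link that starts on a trusted domain but ends off-platform. The script below is an added example written for this page, not code from Cofense or LinkedIn; the redirect table, the Smart Link URL format, the example hosts and the sample message body are all constructed, and a real deployment would replace `constructed_lookup` with an HTTP client that returns the `Location` header without following it.

```python
"""Flag links that begin on an allowlisted domain but redirect elsewhere.

Added example for illustration. The redirect table and message body are
constructed; swap `constructed_lookup` for a real single-hop HTTP fetch.
"""
import re
from urllib.parse import urlparse

# Hosts a mail gateway is assumed to treat as safe (assumption for the example).
TRUSTED_HOSTS = {"linkedin.com"}
MAX_HOPS = 10

# Constructed redirect table standing in for live responses:
# key = requested URL, value = Location header (None = final page, no redirect).
CONSTRUCTED_REDIRECTS = {
    "https://www.linkedin.com/slink?code=EXAMPLE": "https://track.example.net/r/9f2",
    "https://track.example.net/r/9f2": "https://login-portal.example.org/signin",
    "https://login-portal.example.org/signin": None,
    "https://www.linkedin.com/in/example-profile": None,
    # A deliberate loop, so the resolver's abort path is exercised.
    "https://www.linkedin.com/slink?code=LOOP": "https://track.example.net/loop",
    "https://track.example.net/loop": "https://www.linkedin.com/slink?code=LOOP",
}


def constructed_lookup(url):
    """Return the next hop for `url`, or None when it does not redirect."""
    return CONSTRUCTED_REDIRECTS.get(url)


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def is_trusted(host):
    """True for a trusted host or any subdomain of one (not look-alikes)."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def resolve_chain(url, lookup=constructed_lookup, max_hops=MAX_HOPS):
    """Follow redirects one hop at a time. Returns (chain, aborted).

    `aborted` is True when a loop is detected or the hop limit is reached,
    both of which are themselves worth flagging.
    """
    chain = [url]
    seen = {url}
    while True:
        nxt = lookup(chain[-1])
        if nxt is None:
            return chain, False
        if nxt in seen or len(chain) >= max_hops:
            return chain, True
        chain.append(nxt)
        seen.add(nxt)


def classify_link(url, lookup=constructed_lookup):
    """Judge a link by where the chain ends, not where it starts."""
    chain, aborted = resolve_chain(url, lookup)
    start_trusted = is_trusted(host_of(chain[0]))
    final_host = host_of(chain[-1])
    if aborted:
        verdict = "suspicious: redirect loop or chain longer than limit"
    elif start_trusted and not is_trusted(final_host):
        verdict = "suspicious: trusted domain redirects off-platform"
    else:
        verdict = "ok"
    return {"chain": chain, "final_host": final_host, "verdict": verdict}


HREF_RE = re.compile(r'href=["\'](https?://[^"\']+)["\']', re.IGNORECASE)


def scan_message(html, lookup=constructed_lookup):
    """Classify every distinct absolute http(s) href in an HTML mail body."""
    urls = dict.fromkeys(HREF_RE.findall(html))  # dedupe, keep order
    return [classify_link(u, lookup) for u in urls]


# Constructed message body in the style the article describes (HR lure).
SAMPLE_HTML = """
<p>Your HR document is ready for review.</p>
<a href="https://www.linkedin.com/slink?code=EXAMPLE">View document</a>
<a href="https://www.linkedin.com/in/example-profile">Sender profile</a>
"""

if __name__ == "__main__":
    for finding in scan_message(SAMPLE_HTML):
        print(finding["verdict"], "<-", " -> ".join(finding["chain"]))
```

The verdict is driven by `final_host`, so an allowlist entry for the sending platform no longer vouches for wherever its tracking link lands; the hop limit and loop check keep a hostile redirector from stalling the scanner.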
The unnamed attackers did not target anyone specifically, the Cofense researchers said: “Although Finance and Manufacturing have higher volumes, it can be concluded that this campaign was not a direct attack on a specific company or sector, but a general attack to collect as many credentials as possible, potentially using LinkedIn corporate accounts and Smart Links to carry out the attack.”
This is not the first time that LinkedIn’s services have been misused to spread malware; a similar campaign was also discovered last year.
Via BleepingComputer