>
Researchers have uncovered what may be the first-ever AI-powered malicious ad campaign aimed at hijacking the corporate social media platform LinkedIn to obtain sensitive personal information about its users who work in sales.
Cybersecurity researchers at SafeGuard Cyber recently discovered an ad on LinkedIn promoting a white paper that would help sales professionals optimize their sales process and close more deals.
The ad’s creative, described by the researchers as “bizarro”, featured a color pattern in the lower right corner, usually seen on images created by Generative AI model Dall-E.
Giving away phone numbers
Dall-E works with text-based prompts. A user would tell the artificial intelligence what it wants, and the model would generate the image.
The ad copy invited readers to sign up and in exchange for their personal information (opens in new tab), grab the white paper. It was set up by an account called “Sales Intelligence”, which investigators found suspicious. The business page was mostly empty, containing only a link directing visitors to an Arizona jewelry store. While they can’t say for sure, the researchers speculate that the link was just added to fill in the required fields to set up the page.
The white paper also does not exist.
Instead, people who sign up simply share their personal information hosted on LinkedIn, such as email and phone, with the attackers. These details can later be used in various phishing and social engineering attacks.
“Encountering this fake LinkedIn ad was an important reminder of new social engineering threats now emerging in conjunction with Generative AI,” the researchers said.
While the researchers focused on the image, the ad text was most likely AI generated as well. Running the ad content through an AI detector gave us a score of 79%, meaning the content is likely, at least in part, AI-created.