Basics of This Phishing Campaign
The email security research firm Cofense first uncovered this latest attack to hit LinkedIn. Cofense concluded that this campaign uses at least 80 Smart Links across 800 phishing messages. No matter which business or sector you work in, there's a chance that you could fall victim to this campaign, since Cofense reports that these criminals sent phishing pages to workers in the following industries:
The report points to workers in finance and manufacturing having higher volumes of phishing messages sent their way.
How Threat Actors Execute LinkedIn Smart Links Phishing Attacks
The cybercriminals who carry out this attack devise a plan consisting of a few phases. Below, we break down each phase and how it ultimately leads LinkedIn users to click on suspicious links that give hackers personal account credentials.
Hackers Create or Hijack Business Accounts
The plan begins with threat actors using a LinkedIn business account to deceive vulnerable users. They either create a brand-new account or use an existing one that was stolen from a previous attack. Once the account is ready, they can use LinkedIn's Sales Navigator service to send Smart Links to other users.
In legitimate use, this feature lets an account track how recipients interact with a message, which business leaders can use to their advantage when pitching new products. However, hackers manipulate the links to steal information.
Cybercriminals Send Phishing Messages
Using a business account under an actual LinkedIn domain, hackers can use the Smart Links feature to send phishing messages to vulnerable users. These messages aim to trick users by mimicking legitimate senders with content regarding the following:
The message contains a link that will send users to a malicious site. Once hackers get victims to click on these fake links, they can obtain their credentials.
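A mail-filter check for the pattern described above, where the link in the message sits on a genuine LinkedIn domain (an added example, not code from Cofense or from this article). It assumes Smart Links have the form `https://www.linkedin.com/slink?code=<id>`, which this page does not state; the function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit, parse_qs

URL_RE = re.compile(r"https?://[^\s\"'<>)\]]+", re.I)

def is_linkedin_host(host):
    # Exact domain or a true subdomain; "linkedin.com.login.example" fails.
    host = (host or "").lower()
    return host == "linkedin.com" or host.endswith(".linkedin.com")

def is_smart_link(url):
    # Assumed Smart Link shape: LinkedIn host, /slink path, "code" parameter.
    parts = urlsplit(url)
    return (is_linkedin_host(parts.hostname)
            and parts.path.rstrip("/") == "/slink"
            and "code" in parse_qs(parts.query))

def body_text(msg):
    # Collect every text part (plain or HTML), decoding transfer encodings.
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def review_message(raw):
    # A Smart Link mailed by a non-LinkedIn sender is held for review:
    # the trusted domain in the URL says nothing about where it redirects.
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    urls = [u.rstrip(".,;") for u in URL_RE.findall(body_text(msg))]
    links = [u for u in urls if is_smart_link(u)]
    return {"sender_domain": sender, "smart_links": links,
            "needs_review": bool(links) and not is_linkedin_host(sender)}

# Constructed sample messages (not real campaign data).
SAMPLE_PHISH = ("From: Accounts Payable <ap@vendor.example>\nSubject: Payment notice\n\n"
                "View the document: https://www.linkedin.com/slink?code=abc12345.\n")
SAMPLE_BENIGN = ("From: LinkedIn <messages-noreply@linkedin.com>\nSubject: Your feed\n\n"
                 "See what is new: https://www.linkedin.com/feed/\n")

if __name__ == "__main__":
    for raw in (SAMPLE_PHISH, SAMPLE_BENIGN):
        print(review_message(raw))
```
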
Information Is Stolen
The primary goal of this phishing campaign is to steal Microsoft account credentials from a business's LinkedIn account. Hackers can get this information once they get people to fall for their scam messages and click the link. Cybercriminals can continue with their attack once someone ends up on the credential-harvesting site.
Rather than creating a new account, they can steal the information of other businesses and impersonate those brands. This increases the chance of getting more users to believe the phony messages.
Keep Your Business Safe From Cyber Threats
Staying aware of emerging threats like the LinkedIn Smart Links phishing attacks can help you avoid malicious activity online. Help your business stay safe by contacting our experts for more tips on mitigating attacks.