LinkedIn has become a popular lure for phishing attacks. Aiming to steal personal details and credentials and use them for further attacks, spammers and phishers are duping working professionals with a variety of job-related lures distributed via email, SMS, and instant messages.

Update on LinkedIn phishing attacks

  • Since February 1, 2022, the email security firm Egress has recorded a 232% increase in email phishing attacks that use LinkedIn as the lure.
  • The attacks spoof sender display names and use stylized HTML templates to steer victims to phishing pages that harvest their credentials.
  • Most of these attacks targeted Outlook/Microsoft 365 users in North America and the U.K.
  • To look convincing and get past email security filters, the emails use multiple stylized HTML templates carrying the LinkedIn logo, brand colors, and icons.
  • The subject lines use enticing headings such as ‘Who’s searching for you online,’ ‘You appeared in 4 searches this week,’ ‘Your profile matches this job,’ or ‘You have 1 new message.’
  • The attackers also impersonate well-known organizations such as American Express and CVS Carepoint to widen the pool of victims.

Spoofing organizations - a major concern

  • In a separate investigation, KrebsOnSecurity found that scammers are abusing LinkedIn’s ‘Slinks’ feature to conduct their phishing attacks.
  • Slinks (‘LinkedIn links’) are LinkedIn-hosted redirect URLs generated for ad campaigns run from LinkedIn business accounts; attackers obtain them by creating their own ad campaigns from such accounts, including ones they have taken over. Because the visible link points at LinkedIn’s own domain, it looks legitimate to the recipient and to reputation-based URL filters, while the redirect delivers the victim to an attacker-controlled site.
  • One such campaign used a Slink to redirect users to a fake Adobe page that prompted them to enter their Microsoft email account credentials to view a ‘shared document.’
  • In another campaign, Slinks were used to spoof the U.S. Internal Revenue Service; Amazon and PayPal were impersonated in similar phishing attacks.

How to stay safe?

Individuals should take extreme caution when opening links from unsolicited emails, text messages, and other channels. Hovering over a link before clicking shows where it points, but note that a Slink-based lure displays a genuine linkedin.com address, so the domain alone is not proof of safety. The safest check is to ignore the link and go directly to LinkedIn to look for messages and updates.

Cyware Publisher