What is the issue?
Scammers are using compromised servers and bogus links to lure LinkedIn users into providing their online credentials and payment card details.
How does this scam work?
More details about the scam
A Sophos employee received a similar scam message in his LinkedIn account. Suspecting a scam, the Sophos team analyzed the embedded URL, which redirected to the website of a professional entertainer in the USA, whose server had been compromised.
“Hi, Hope all is well? I have shared a document with you via Onedrive, please see the shared document,” the message read.
The second server was a business site in Mexico. The team said that the affected site in Mexico had already spotted this scam and removed the offending content, because the link led to a 404 error page. All the other subdomains analyzed by the research team redirected to various dating site portals.
“Nevertheless, the redirection script provided the crooks with a general-purpose mechanism for running a range of different spamming, phishing and scamming campaigns at the same time, with the target site determined by the URL that the crooks used each time,” the Sophos team noted.