Hackers are targeting users with phishing attempts using LinkedIn smart links.

Hackers are targeting users: Email security is being circumvented via a LinkedIn feature

If your service allows its users to contact other people, you can be sure that hackers will try to take advantage of it to spread malware or steal login credentials and other personally identifiable information.

LinkedIn Smart Links is a prime example. The technology, provided as a component of the Sales Navigator service on the business social network, enables Business accounts to contact other LinkedIn users via “smart” links that can be monitored. This lets the sender keep track of who read the messages and how recipients interacted with them, which is incredibly helpful for pitch testing and refinement.

The LinkedIn platform, however, has recently seen a rise in phishing communications, according to cybersecurity researchers from Cofense. Between July and August 2023, 800 emails were sent out using 80 different Smart Links.

Hackers are targeting users: Theft of accounts

The emails contain standard phishing content, including information about payments, hiring and human resources, important documents, security alerts, and related topics. Additionally, the messages contain a button or link that redirects the recipient away from LinkedIn’s “trustworthy” message.

The attackers require access to LinkedIn Business accounts in order to send these messages. Sometimes they use accounts that have just been created or ones that have been taken over in previous attacks. Finance, manufacturing, energy, construction, and healthcare businesses are the main victims. The campaign’s objective is to obtain Microsoft account login information.

By using LinkedIn to send their messages, the attackers may bypass the email security measures most victims have set up and reach the inbox directly. Since LinkedIn is typically seen as a secure platform, most email security programmes permit communications from its domain to pass.
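The gap described above, as an added example that is not from Cofense or the original article: a filter that allows every URL on a trusted domain is compared with one that still scans tracked-redirect paths on that domain. It assumes Smart Links take the form `https://www.linkedin.com/slink?code=<id>`, which this article does not state; the sample message, the placeholder code value and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption (not stated in the article): Smart Links look like
# https://www.linkedin.com/slink?code=<id>.
TRUSTED_DOMAINS = {"linkedin.com"}
REDIRECTOR_PATHS = {("linkedin.com", "/slink")}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def registered_domain(host):
    # Simplified to the last two labels; a production filter would use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def extract_urls(raw_email):
    msg = message_from_string(raw_email)
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            text = payload.decode(part.get_content_charset() or "utf-8", "replace")
            urls += URL_RE.findall(text)
    return urls

def domain_allowlist_verdict(url):
    """Weak policy: any URL on a trusted domain passes unscanned."""
    return "allow" if registered_domain(urlsplit(url).hostname or "") in TRUSTED_DOMAINS else "scan"

def path_aware_verdict(url):
    """Hardened policy: tracked-redirect paths on trusted domains are still scanned."""
    parts = urlsplit(url)
    dom = registered_domain(parts.hostname or "")
    if (dom, parts.path.rstrip("/").lower()) in REDIRECTOR_PATHS:
        return "scan"  # final destination is chosen by the sender, so inspect it
    return "allow" if dom in TRUSTED_DOMAINS else "scan"

# Constructed sample message; the code value is a placeholder.
SAMPLE = """From: sender@example.com
To: user@example.org
Subject: Payment document awaiting review
Content-Type: text/plain; charset=utf-8

Review the document: https://www.linkedin.com/slink?code=EXAMPLE0
Profile: https://www.linkedin.com/in/example-user
"""

def compare(raw_email):
    return [(u, domain_allowlist_verdict(u), path_aware_verdict(u)) for u in extract_urls(raw_email)]
```

Calling `compare(SAMPLE)` returns one row per URL with both verdicts, so the redirect link is the only one where the two policies disagree.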

According to Cofense, the unidentified attackers weren’t specifically targeting any particular company or industry: “Despite Finance and Manufacturing having higher volumes, it can be concluded that this campaign was not a direct attack on any one business or sector but rather a blanket attack to collect as many credentials as possible using LinkedIn business accounts and Smart Links to carry out the attack,” the researchers said.

A similar campaign was identified the previous year, so this is not the first time that LinkedIn’s services have been misused to distribute malware.
