1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Hackers are using LinkedIn smart links to target users in phishin

    From TechnologyDaily@1337:1/100 to All on Thu Oct 12 11:45:04 2023
    Hackers are using LinkedIn smart links to target users in phishing attacks

    Date:
    Thu, 12 Oct 2023 11:43:55 +0000

    Description:
    A LinkedIn feature is being used to bypass email protection and land phishing messages in user inboxes.

    FULL STORY ======================================================================

    If you have a service that allows you to contact people, you can be sure hackers will try to abuse it to deliver malware or steal login credentials
    and other personally identifiable info .

    Case in point - LinkedIn Smart Links. The tool, offered as part of the professional social networks Sales Navigator service, allows Business
    accounts to reach out to other LinkedIn users with smart links that can be tracked. That allows the sender to keep tabs on who interacted with the messages and in what way - very useful for pitch testing and improvements.

    However, cybersecurity researchers from Cofense have now said they recently spotted a surge in phishing messages sent through the LinkedIn platform -
    some 800 emails were sent out between July and August 2023, using roughly 80 unique Smart Links. Stealing accounts

    The messages are your usual phishing copy - regarding payments, human resources and hiring, important documents, security notifications, and similar. The messages also carry an embedded link or a button that redirects the victim from LinkedIns trustworthy message elsewhere.

    To be able to send these messages, the attackers need to have access to LinkedIn Business accounts. In some cases, they use either newly created accounts, or those stolen in earlier attacks. The victims are mostly finance, manufacturing, energy, construction, and healthcare firms. The goal of the campaign is to steal Microsoft account credentials.

    By abusing LinkedIn, the attackers are able to bypass email security services most victims have set up, and have their messages delivered straight to the inbox. As LinkedIn is generally considered a safe platform, most email protection tools allow messages from its domain through.

    The unnamed attackers werent going after anyone specific, Cofense argues: "Despite Finance and Manufacturing having higher volumes, it can be concluded that this campaign was not a direct attack on any one business or sector but
    a blanket attack to collect as many credentials as possible using LinkedIn business accounts and Smart Links to carry out the attack," the researchers said.

    This is not the first time LinkedIns services were abused to deliver malware, as a similar campaign was discovered last year, as well.

    Via BleepingComputer More from TechRadar Pro Thousands of corporate logins have been taken by info-stealing malware Here's a list of the best firewalls today These are the best privacy tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/hackers-are-using-linkedin-smart-links- to-target-users-in-phishing-attacks


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)