Phishers Are Moving In On LinkedIn

Cyber criminals are using LinkedIn to find a way into your files and if you received a link to LinkedIn.com via email, SMS/text or instant message, check before you click on it.  

The emails contain the LinkedIn logo and brand colours, as well as using other well-known organisation names, like American Express, to make the attacks appear more convincing. 

Phishing emails which appear to use the LinkedIn brand image have increased by 232% since 1 February, 2022, research by security software firm Egress has revealed. The attackers use display name spoofing and stylised HTML templates to socially engineer victims into clicking on phishing links and then entering their credentials into fraudulent websites.  

Cyber criminals are always changing their tactics in order to achieve their goals and now spammers, and phishers are taking advantage of a marketing feature on the business networking site which lets them create a LinkedIn.com link that bounces your browser to other websites, such as phishing pages that mimic top online brands. 

At issue is a “redirect” feature available to businesses that chose to market through LinkedIn.com. The LinkedIn redirect links allow customers to track the performance of ad campaigns, while promoting off-site resources. 
There is  little to stop criminals from leveraging newly registered or hacked LinkedIn business accounts to create their own ad campaigns using fake links, sometimes known as 'Slinks', 

Malicious or phishing emails that leverage LinkedIn’s Slinks are unlikely to be blocked by anti-spam or anti-malware filters, because LinkedIn is widely considered a trusted domain, and the redirect obscures the link’s ultimate destination. In a statement Linkedin said it has “industry standard technologies in place for URL sharing and chained redirects that help us identify and prevent the spread of malware, phishing and spam.” LinkedIn also said it uses 3rd party services, such as Google Safe Browsing, Spamhaus, Microsoft and others, to identify known-bad URLs.

If in any doubt, check out Urlscan.io, a free service that provides detailed reports on any scanned URLs and also offers a historical look at suspicious links submitted by other users. 

Linkedin’s parent company, Microsoft, is thought to be  one of the exploited used for phishing. Indeed, Check Point Software Tecnologies has found that as much as 45 percent of all brand phishing attempts globally target Microsoft. Check Point said LinkedIn was the sixth most phished brand last year.

The best advice to dodge phishing scams is to avoid clicking on links that arrive in emails, text messages and other mediums that you have not asked for.  

Often phishing scams invoke a time sensitive element that warns of dire consequences should you fail to respond or act quickly. Consequently, it’s important to have confirmation via another communication channel when receiving weird messages on LinkedIn.

CheckPoint:     Brian Krebs:       Techradar:    ITPro:   ZDNet:     Egress

You Might Also Read:

Half A Billion LinkedIn Members Found For Sale:

 

« Mark Zuckerberg's Vision: How AI Will Unlock The Metaverse
Russia Threatens To Block Wikipedia »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MobileIron

MobileIron

MobileIron provides EMM capabilities to IT organizations that need to secure mobile devices, applications and content.

Australian Signals Directorate (ASD)

Australian Signals Directorate (ASD)

The Australian Signals Directorate is an intelligence agency in the Australian Government Department of Defence.

Soracom

Soracom

Soracom offers secure, scalable, cloud-native connectivity developed specifically for the Internet of Things.

SoSafe

SoSafe

Modern awareness training that works. With memorable content on all areas of IT security, with measurable learning success and full data protection compliance.

Redstor

Redstor

Redstor's complete data management helps you discover, manage and control your data from a single control centre, unifying backup and recovery, disaster recovery, archiving and search and insight.

PurpleSynapz

PurpleSynapz

PurpleSynapz provides hyper-realistic Cyber Security Training with a modern curriculum and Cyber Range.

AaDya

AaDya

AaDya provide smart, simple, affordable and effective cybersecurity software solutions for small and medium businesses.

RealCISO

RealCISO

RealCISO is a CISO grade cloud platform to help companies understand, manage, and mitigate their cyber risk.

CyGlass

CyGlass

CyGlass simply and effectively identifies, detects, and responds to threats to your network without requiring any additional hardware, software, or people.

CloudBolt Software

CloudBolt Software

CloudBolt provide solutions for your toughest cloud challenges. From automation, to cost and security, and hybrid IT governance — we have you covered.

Rostelecom

Rostelecom

Rostelecom is Russia’s largest integrated provider of digital services and solutions, covering all market segments including consumer, governmental and private organizations.

Squad

Squad

Squad provides leading expertise to ensure protection against the most complex cyber threats. Combining the best practices of DevOps and Cybersecurity, we are committed to create a secured cyber space

Accedian

Accedian

Accedian is a leader in performance analytics and end user experience solutions, dedicated to providing our customers with the ability to assure their digital infrastructure.

Gatefy

Gatefy

Getfy is a cybersecurity company specialized in artificial intelligence and machine learning. We work to solve challenging issues, especially those involving email security.

Microminder Cyber Security

Microminder Cyber Security

Microminder Cyber Security are innovators, advisors, strategists committed to solving your cyber security challenges.

Flat6Labs

Flat6Labs

Flat6Labs is the MENA region’s leading seed and early stage venture capital firm, currently running the most renowned startup programs in the region.