Phishers Are Moving In On LinkedIn

Uploaded on 2022-03-08 in TECHNOLOGY-Key Areas-Social Media, NEWS-News Analysis, FREE TO VIEW

Cyber criminals are using LinkedIn to find a way into your files and if you received a link to LinkedIn.com via email, SMS/text or instant message, check before you click on it.  

The emails contain the LinkedIn logo and brand colours, as well as using other well-known organisation names, like American Express, to make the attacks appear more convincing. 

Phishing emails which appear to use the LinkedIn brand image have increased by 232% since 1 February, 2022, research by security software firm Egress has revealed. The attackers use display name spoofing and stylised HTML templates to socially engineer victims into clicking on phishing links and then entering their credentials into fraudulent websites.  

Cyber criminals are always changing their tactics in order to achieve their goals and now spammers, and phishers are taking advantage of a marketing feature on the business networking site which lets them create a LinkedIn.com link that bounces your browser to other websites, such as phishing pages that mimic top online brands. 

At issue is a “redirect” feature available to businesses that chose to market through LinkedIn.com. The LinkedIn redirect links allow customers to track the performance of ad campaigns, while promoting off-site resources. 
There is  little to stop criminals from leveraging newly registered or hacked LinkedIn business accounts to create their own ad campaigns using fake links, sometimes known as 'Slinks', 

Malicious or phishing emails that leverage LinkedIn’s Slinks are unlikely to be blocked by anti-spam or anti-malware filters, because LinkedIn is widely considered a trusted domain, and the redirect obscures the link’s ultimate destination. In a statement Linkedin said it has “industry standard technologies in place for URL sharing and chained redirects that help us identify and prevent the spread of malware, phishing and spam.” LinkedIn also said it uses 3rd party services, such as Google Safe Browsing, Spamhaus, Microsoft and others, to identify known-bad URLs.

If in any doubt, check out Urlscan.io, a free service that provides detailed reports on any scanned URLs and also offers a historical look at suspicious links submitted by other users. 

Linkedin’s parent company, Microsoft, is thought to be  one of the exploited used for phishing. Indeed, Check Point Software Tecnologies has found that as much as 45 percent of all brand phishing attempts globally target Microsoft. Check Point said LinkedIn was the sixth most phished brand last year.

The best advice to dodge phishing scams is to avoid clicking on links that arrive in emails, text messages and other mediums that you have not asked for.  

Often phishing scams invoke a time sensitive element that warns of dire consequences should you fail to respond or act quickly. Consequently, it’s important to have confirmation via another communication channel when receiving weird messages on LinkedIn.

CheckPoint:     Brian Krebs:       Techradar:    ITPro:   ZDNet:     Egress

You Might Also Read:

Half A Billion LinkedIn Members Found For Sale:

 

« Mark Zuckerberg's Vision: How AI Will Unlock The Metaverse
Russia Threatens To Block Wikipedia »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Tanium

Tanium

Tanium is an endpoint security and systems management company.

CERT-PA

CERT-PA

CERT-PA is the national Computer Emergency Response Team for Italian government institutions.

DXC Technology

DXC Technology

DXC Technology helps global companies run their mission critical systems and operations while modernizing IT, optimizing data architectures, and ensuring security and scalability.

Wind River

Wind River

Wind River delivers the technology and expertise that enables the deployment of safe, secure, and reliable intelligent connected systems.

Shift Technology

Shift Technology

Shift Technology provides insurance companies with an innovative SaaS solution to improve and scale fraud detection.

TorGuard

TorGuard

TorGuard is a Virtual Private Network services provider offering secure encrypted access to the internet.

Zivaro

Zivaro

Zivaro provides transformational consulting and technology services to help clients attain real business value from their technology investments.

Ntirety

Ntirety

Ntirety Managed Security Services offer enterprise businesses the advanced tools, processes, and support to ensure your infrastructure, networks, and mission-critical applications are secure.

CNS Group

CNS Group

CNS Group provides industry leading cyber security though managed security services, penetration testing, consulting and compliance.

Telsy

Telsy

Telsy is a security partner for ICT solutions and services. We help you implement effective security solutions that increase your risk mitigation ability and your responsiveness.

Conseal Security

Conseal Security

Mobile app security testing done well. Conseal Security are specialists in mobile app penetration testing. Our expert-led security analysis quickly finds security vulnerabilities in your apps.

Pristine InfoSolutions

Pristine InfoSolutions

Pristine InfoSolutions is a global IT services and Information Security Company focused on delivering smart, next-generation business solutions.

Obscure Technologies

Obscure Technologies

Obscure Technologies is a firm of experts, specialised in brokering the best security solutions to market.

Socura

Socura

Socura helps make the digital world a safer place; changing the way organisations think about cyber security through a dynamic, innovative, and human approach.

Google Cloud

Google Cloud

Accelerate your digital transformation. Whether your business is early in its journey or well on its way to digital transformation, Google Cloud can help solve your toughest challenges.

SecureWeb3

SecureWeb3

SecureWeb3 helps businesses and brands to secure their Web3 presence by offering a full suite of security services including training, consultancy & brand protection solutions.