Phishers Are Moving In On LinkedIn

Uploaded on 2022-03-08 in TECHNOLOGY-Key Areas-Social Media, NEWS-Cybersecurity News, FREE TO VIEW

Cyber criminals are using LinkedIn to find a way into your files and if you received a link to LinkedIn.com via email, SMS/text or instant message, check before you click on it.  

The emails contain the LinkedIn logo and brand colours, as well as using other well-known organisation names, like American Express, to make the attacks appear more convincing. 

Phishing emails which appear to use the LinkedIn brand image have increased by 232% since 1 February, 2022, research by security software firm Egress has revealed. The attackers use display name spoofing and stylised HTML templates to socially engineer victims into clicking on phishing links and then entering their credentials into fraudulent websites.  

Cyber criminals are always changing their tactics in order to achieve their goals and now spammers, and phishers are taking advantage of a marketing feature on the business networking site which lets them create a LinkedIn.com link that bounces your browser to other websites, such as phishing pages that mimic top online brands. 

At issue is a “redirect” feature available to businesses that chose to market through LinkedIn.com. The LinkedIn redirect links allow customers to track the performance of ad campaigns, while promoting off-site resources. 
There is  little to stop criminals from leveraging newly registered or hacked LinkedIn business accounts to create their own ad campaigns using fake links, sometimes known as 'Slinks', 

Malicious or phishing emails that leverage LinkedIn’s Slinks are unlikely to be blocked by anti-spam or anti-malware filters, because LinkedIn is widely considered a trusted domain, and the redirect obscures the link’s ultimate destination. In a statement Linkedin said it has “industry standard technologies in place for URL sharing and chained redirects that help us identify and prevent the spread of malware, phishing and spam.” LinkedIn also said it uses 3rd party services, such as Google Safe Browsing, Spamhaus, Microsoft and others, to identify known-bad URLs.

If in any doubt, check out Urlscan.io, a free service that provides detailed reports on any scanned URLs and also offers a historical look at suspicious links submitted by other users. 

Linkedin’s parent company, Microsoft, is thought to be  one of the exploited used for phishing. Indeed, Check Point Software Tecnologies has found that as much as 45 percent of all brand phishing attempts globally target Microsoft. Check Point said LinkedIn was the sixth most phished brand last year.

The best advice to dodge phishing scams is to avoid clicking on links that arrive in emails, text messages and other mediums that you have not asked for.  

Often phishing scams invoke a time sensitive element that warns of dire consequences should you fail to respond or act quickly. Consequently, it’s important to have confirmation via another communication channel when receiving weird messages on LinkedIn.

CheckPoint:     Brian Krebs:       Techradar:    ITPro:   ZDNet:     Egress

You Might Also Read:

Half A Billion LinkedIn Members Found For Sale:

 

« Mark Zuckerberg's Vision: How AI Will Unlock The Metaverse
Russia Threatens To Block Wikipedia »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cleo

Cleo

Cleo is a leader in secure information integration, enabling both ease and excellence in business data movement and orchestration.

Skkynet Cloud Systems

Skkynet Cloud Systems

Skkynet is a leader in real-time data systems for the secure management and control of industrial processes (SCADA) and embedded devices (M2M).

Awen Collective

Awen Collective

Awen Collective develops software-based tools for performing Digital Forensics, Incident Response and Cyber-Crime Investigation.

Woz U

Woz U

Woz U provides best-in-class technology training for Learners, Higher-Ed and Corporations. We focus on the most in-demand occupations such as Software Development, Data Science and Cyber Security.

NLnet Labs

NLnet Labs

NLnet Labs is a not-for-profit foundation with a long heritage in research and development, Internet architecture and governance, as well as security in the area of DNS and inter-domain routing.

GB Group (GBG)

GB Group (GBG)

GBG is a global technology specialist in fraud, location and identity data intelligence.

Scarlett Cybersecurity

Scarlett Cybersecurity

Scarlett Cybersecurity provide cybersecurity services to US private and public organizations with specific emphasis on compliance and cybersecurity incident prevention, detection, and response.

Gigit

Gigit

Gigit’s Service portfolio focuses on your business’ needs and the integration of comprehensive cybersecurity policies, plans, procedures, and practices into your business culture and operations.

Snowflake

Snowflake

Empower your cybersecurity and compliance teams with Snowflake. Gain full visibility into security logs, at massive scale, while reducing costs of Security Information and Event Management systems.

ClearVector

ClearVector

ClearVector is a leading provider of realtime, identity-driven security for the cloud.

Avocado Consulting

Avocado Consulting

Avocado helps clients deliver with certainty on their complex IT change, with technology services that automate, monitor and optimise.

Prembly

Prembly

Prembly are a compliance and security infrastructure company.

BreakPoint Labs

BreakPoint Labs

BreakPoint Labs is dedicated to providing the methods and means for sustainable, measurable, and effective cybersecurity operations.

CyberSecAsia

CyberSecAsia

CyberSecAsia series conference is the one and only decision-makers gathering for CISO and info security experts in Asia.

modePUSH

modePUSH

modePUSH is a cybersecurity company focused on end-to-end breach response from Digital Forensics to Restoration across the enterprise and cloud environments.

Secure Cyber Management

Secure Cyber Management

Secure Cyber Management provides industry-leading cloud security advice, guidance and services.