Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Email Security

LinkedIn Smart Links Abused in Phishing Campaign Targeting Microsoft Accounts

A recently observed phishing campaign targeting Microsoft accounts is using LinkedIn smart links to bypass defenses.

A recently identified phishing campaign is relying on LinkedIn smart links to bypass email defenses and deliver malicious lures into Microsoft users’ inboxes, email security firm Cofense reports.

A legitimate feature connected to LinkedIn’s Sales Navigator services, smart links allow businesses to promote websites and advertisements, redirecting users to specific domains.

Threat actors, however, are relying on the feature to redirect users to malicious websites that attempt to steal their credentials and personal information, abusing the inherent trust that email gateways have in LinkedIn.

While LinkedIn smart links have been abused in malicious attacks before, the recently observed phishing campaign stands out with more than 80 unique smart links embedded within over 800 phishing messages delivered to recipients from various industries, Cofense says.

The campaign, the email security firm says, likely employed newly created or compromised LinkedIn business accounts to deliver document, financial, general notification, and security themed lures to unsuspecting victims.

A smart link typically includes the LinkedIn domain followed by a parameter and an eight-alphanumeric character ID, but the threat actors added other pieces of information as well, including the recipient’s email address, to autofill the malicious phishing form the victim is redirected to, and which asks for their Microsoft account credentials.

According to Cofense, the campaign mainly targeted employees at financial and manufacturing organizations. However, energy, construction, healthcare, insurance, mining, consumer goods, and technology organizations were targeted as well.

“Despite finance and manufacturing having higher volumes, it can be concluded that this campaign was not a direct attack on any one business or sector but a blanket attack to collect as many credentials as possible using LinkedIn business accounts and smart links to carry out the attack,” Cofense notes.

Advertisement. Scroll to continue reading.

Related: US Executives Targeted in Phishing Attacks Exploiting Flaw in Indeed Job Platform

Related: New Phishing Campaign Launched via Google Looker Studio

Related: Malicious QR Codes Used in Phishing Attack Targeting US Energy Company

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Tenable has appointed Eric Doerr as its Chief Product Officer.

Michael Adams has joined Docusign as the new Group Vice President and CISO.

Security awareness training firm KnowBe4 has named Bryan Palma as president and CEO effective May 5.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.