SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Email Security

LinkedIn Smart Links Abused in Phishing Campaign Targeting Microsoft Accounts

A recently observed phishing campaign targeting Microsoft accounts is using LinkedIn smart links to bypass defenses.

A recently identified phishing campaign is relying on LinkedIn smart links to bypass email defenses and deliver malicious lures into Microsoft users’ inboxes, email security firm Cofense reports.

A legitimate feature connected to LinkedIn’s Sales Navigator services, smart links allow businesses to promote websites and advertisements, redirecting users to specific domains.

Threat actors, however, are relying on the feature to redirect users to malicious websites that attempt to steal their credentials and personal information, abusing the inherent trust that email gateways have in LinkedIn.

While LinkedIn smart links have been abused in malicious attacks before, the recently observed phishing campaign stands out with more than 80 unique smart links embedded within over 800 phishing messages delivered to recipients from various industries, Cofense says.

The campaign, the email security firm says, likely employed newly created or compromised LinkedIn business accounts to deliver document, financial, general notification, and security themed lures to unsuspecting victims.

A smart link typically includes the LinkedIn domain followed by a parameter and an eight-alphanumeric character ID, but the threat actors added other pieces of information as well, including the recipient’s email address, to autofill the malicious phishing form the victim is redirected to, and which asks for their Microsoft account credentials.

According to Cofense, the campaign mainly targeted employees at financial and manufacturing organizations. However, energy, construction, healthcare, insurance, mining, consumer goods, and technology organizations were targeted as well.

“Despite finance and manufacturing having higher volumes, it can be concluded that this campaign was not a direct attack on any one business or sector but a blanket attack to collect as many credentials as possible using LinkedIn business accounts and smart links to carry out the attack,” Cofense notes.

Advertisement. Scroll to continue reading.

Related: US Executives Targeted in Phishing Attacks Exploiting Flaw in Indeed Job Platform

Related: New Phishing Campaign Launched via Google Looker Studio

Related: Malicious QR Codes Used in Phishing Attack Targeting US Energy Company

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

CIEM Chat: How to Reduce Cloud Identity Risk
March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

Virtual Event: Ransomware Resilience & Recovery Summit
April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Passwordless authentication firm Hawcx has appointed Lakshmi Sharma as Chief Product Officer.

Matt Hartley has been named Chief Revenue Officer at autonomous security solutions provider Horizon3.ai.

Trustwave has announced the appointment of Keith Ibarguen as Senior Vice President of Engineering.

More People On The Move

Expert Insights

Related Content

Microsoft AI Microsoft AI

Cloud Security

Microsoft Cloud Hack Exposed More Than Exchange, Outlook Emails

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

July 21, 2023
DMARC Implemented on Half of U.S. Government Domains

Compliance

DMARC Implemented on Half of U.S. Government Domains

Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

January 3, 2018
DMARC Adoption Low in Fortune 500, FTSE 100 Companies

Email Security

DMARC Adoption Low in Fortune 500, FTSE 100 Companies

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...

August 23, 2017
VMware Patches VM Escape Flaw Exploited at Geekpwn Event

Application Security

VMware Patches VM Escape Flaw Exploited at Geekpwn Event

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

December 13, 2022
Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Application Security

Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

December 12, 2022
Phishing Attacks: Best Practices for Not Taking the Bait

Phishing

Phishing Attacks: Best Practices for Not Taking the Bait

The easiest way for a cyber-attacker to gain access to sensitive data is by compromising an end user’s identity and credentials. Things get even...

February 12, 2020
Famed Hacker Kevin Mitnick Dead at 59

Fraud & Identity Theft

Famed Hacker Kevin Mitnick Dead at 59

Famed hacker Kevin Mitnick has died after a battle with pancreatic cancer.  At the time of his death, he was Chief Hacking Officer at...

July 19, 2023
Enterprises Warned About Zix-Themed Credential Phishing Attacks

Cybercrime

Enterprises Warned About Zix-Themed Credential Phishing Attacks

Enterprise users have been warned that cybercriminals may be trying to phish their credentials by luring them with fake emails that appear to be...

September 28, 2021