Cybercriminals are targeting businesspeople with an elaborate phishing attack aimed at stealing sensitive data, including credit card and other payment information, researchers have found.
The attack also abuses a premium LinkedIn feature called Smart Link, which allows users of the social media site to send more than a dozen documents via a single link.
Not only is it more convenient, but it also allows the sender to keep track of how many people opened the link and files inside, how much time they spent with each file, etc. What’s more, Smart Link allows users to redirect the recipients elsewhere.
Sharing key data
Researchers from Cofense discovered the attackers would send a phishing email pretending to be from Slovenská pošta, the Slovakian national postal service. The email would state that the recipient needs to pay a little extra to be able to receive a pending parcel. As usual, the email carries a “confirm” button, which is the LinkedIn Smart Link URL, and which redirects victims to the phishing page.
What makes this attack vector particularly dangerous is the fact that Smart Link is a legitimate feature and does not get flagged by email security products. When the victims click the button, they get sent to a page where they’re asked to pay €2.99 - not a big sum, but money is not the goal here, anyway - data is.
On the page, victims need to share all kinds of sensitive data, including all the credit card details needed to make a payment. Finally, when all is complete, the victim is redirected to an SMS code confirmation page which, as researchers found, is only there to add legitimacy to the whole campaign.
LinkedIn has been notified of the malicious campaign abusing its services, and says it’s currently investigating the matter.
In a statement to BleepingComputer, the company said: “Our internal teams work to take action against those who attempt to harm LinkedIn members through phishing. We encourage members to report suspicious messages and help them learn more about what they can do to protect themselves, including turning on two-step verification.”
- Check out our list of the best antivirus tools right now
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.