Hackers are using LinkedIn smart links to target users in phishing attacks

News
By Sead Fadilpašić
published

A LinkedIn feature is being used to bypass email protection

linkedin
(Image credit: Shutterstock / Ink Drop)

If you have a service that allows you to contact people, you can be sure hackers will try to abuse it to deliver malware or steal login credentials and other personally identifiable info

Case in point - LinkedIn Smart Links. The tool, offered as part of the professional social network’s Sales Navigator service, allows Business accounts to reach out to other LinkedIn users with “smart” links that can be tracked. That allows the sender to keep tabs on who interacted with the messages and in what way - very useful for pitch testing and improvements.

However, cybersecurity researchers from Cofense have now said they recently spotted a surge in phishing messages sent through the LinkedIn platform - some 800 emails were sent out between July and August 2023, using roughly 80 unique Smart Links.

Stealing accounts

The messages are your usual phishing copy - regarding payments, human resources and hiring, important documents, security notifications, and similar. The messages also carry an embedded link or a button that redirects the victim from LinkedIn’s “trustworthy” message elsewhere.

To be able to send these messages, the attackers need to have access to LinkedIn Business accounts. In some cases, they use either newly created accounts, or those stolen in earlier attacks. The victims are mostly finance, manufacturing, energy, construction, and healthcare firms. The goal of the campaign is to steal Microsoft account credentials. 

By abusing LinkedIn, the attackers are able to bypass email security services most victims have set up, and have their messages delivered straight to the inbox. As LinkedIn is generally considered a safe platform, most email protection tools allow messages from its domain through.

The unnamed attackers weren’t going after anyone specific, Cofense argues: "Despite Finance and Manufacturing having higher volumes, it can be concluded that this campaign was not a direct attack on any one business or sector but a blanket attack to collect as many credentials as possible using LinkedIn business accounts and Smart Links to carry out the attack," the researchers said.

This is not the first time LinkedIn’s services were abused to deliver malware, as a similar campaign was discovered last year, as well.

Via BleepingComputer

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.