New LinkedIn phishing scam targets executives with fake board positions

Illustration of a hooked email hovering over a mobile phone
(Image credit: Getty Images)

  • Phishers target finance executives via LinkedIn, posing as a fake investment fund
  • Victims are tricked into entering Microsoft credentials on spoofed login pages
  • Non-email phishing now accounts for 34% of tracked attacks, up from 10% in three months

A new phishing campaign is targeting finance executives and other high net worth individuals on LinkedIn, aiming to steal their Microsoft credentials, as well as session cookies.

Security researchers at Push Security say the campaign takes place not via email, as is common with these types of attacks, but directly on LinkedIn, where the targets would receive a direct message from someone claiming to be a part of a newly-created “Common Wealth” investment fund.

"I'm excited to extend an exclusive invitation for you to join the Executive Board of Common Wealth investment fund in South America in partnership with AMCO - Our Asset Management branch, a bold new venture capital fund launching a Investment Fund in South America," the phishing message states.

Expanding the reach

Clicking on the link leads the victim through a chain of redirects, most of which are designed to evade automated security tools and URL scanners, for example by gating each step behind CAPTCHAs and Cloudflare Turnstile challenges.

Finally, the victim is shown a prompt to log into their Microsoft account. Although the landing page looks almost identical to the legitimate Microsoft login page, it belongs to the attackers and relays whatever is entered to them. That includes not just the login credentials but also the session cookies, so the attackers remain logged in even if the victim later changes the password.

Phishing is one of the oldest scams on the internet, but Push Security notes the pivot to LinkedIn signals a broader change in which email is no longer the only attack avenue:

"Phishing isn't just happening in email anymore," said Jacques Louw, Chief Product Officer at Push Security. "Over the past month, about 34% of the phishing attempts we've tracked have come through places like LinkedIn and other non-email channels — up from under 10% three months ago. Attackers are getting smarter about where people actually communicate and how to effectively target them — and defenders need to keep up."

We would also argue that this shift has to do with email security improving over the years, making it much harder for phishing messages to reach people’s inboxes.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
