LinkedIn smart links leveraged in credential phishing campaign


Attackers are on the hunt for Microsoft Office logins. A recent phishing campaign is leveraging newly created or compromised LinkedIn business accounts.

Cybersecurity company Cofense described the phishing campaign, which abuses LinkedIn smart links, last year. But, while the attack method is not new, researchers have observed a resurgence of the campaign.

“Cofense identified an anomaly of over 800 emails of various subject themes, such as financial, document, security, and general notification lures, reaching users’ inboxes across multiple industries containing over 80 unique LinkedIn Smart Links,” its blog post reads.


Business accounts use LinkedIn smart links to track engagement metrics. Emails with embedded smart links can bypass various security suites because the links point to a trusted LinkedIn domain.
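Because the link host is trusted, filtering has to look at context instead of domain reputation. The following triage check is an added example, not code from Cofense or the original article; the Smart Link URL shape (`linkedin.com/slink?code=...`), the keyword lists per lure theme, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse, parse_qs

# Assumption (not stated in the article): Smart Links have the form
# https://www.linkedin.com/slink?code=<short code>
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Lure themes named in the article, mapped to constructed keyword lists.
THEMES = {
    "financial": ("invoice", "payment", "remittance", "payroll"),
    "document": ("document", "shared file", "fax", "docusign"),
    "security": ("password", "mfa", "verify", "security"),
    "notification": ("notification", "voicemail", "reminder"),
}

def smart_links(text):
    """Return Smart Link URLs found in text (exact host match, not substring)."""
    hits = []
    for raw in URL_RE.findall(text):
        u = urlparse(raw.rstrip(".,);"))
        host = (u.hostname or "").lower()
        if (host in ("linkedin.com", "www.linkedin.com")
                and u.path.rstrip("/").lower() == "/slink" and parse_qs(u.query).get("code")):
            hits.append(u.geturl())
    return hits

def triage(raw_message):
    """Flag mail that carries a Smart Link but is not from a linkedin.com sender."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    domain = sender.rpartition("@")[2]
    from_linkedin = domain == "linkedin.com" or domain.endswith(".linkedin.com")
    body = msg.get_payload() if not msg.is_multipart() else "\n".join(
        str(p.get_payload()) for p in msg.walk() if p.get_content_maintype() == "text")
    subject = msg.get("Subject", "").lower()
    themes = sorted(t for t, kws in THEMES.items() if any(k in subject for k in kws))
    links = smart_links(body)
    return {"links": links, "themes": themes,
            "suspicious": bool(links) and not from_linkedin}

# Constructed sample message (not taken from the campaign).
SAMPLE = """From: Accounts <ap@vendor-example.test>
Subject: Payment remittance document available
Content-Type: text/plain

Review here: https://www.linkedin.com/slink?code=EXAMPLE1.
Decoy: https://www.linkedin.com.evil-example.test/slink?code=x
"""
```

Legitimate senders also use smart links, so treat the `suspicious` flag as a signal for closer inspection (for example, resolving the redirect in a sandbox), not as a verdict.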

An email with a generic subject first arrives in a victim’s inbox. It might resemble a notification about documents, security, finances, or human resources.

[Image: An example of a malicious email]

Upon clicking on the link, the user eventually lands on a phishing page where they are asked to log in using their Microsoft Office credentials.

“The Finance and Manufacturing sectors were the most targeted. Despite Finance and Manufacturing having higher volumes, it can be concluded that this campaign was not a direct attack on any one business or sector but a blanket attack to collect as many credentials as possible using LinkedIn business accounts and Smart Links to carry out the attack,” the company said.
