Hackers are using LinkedIn smart links to target users in phishing attacks

A LinkedIn feature is being used to bypass email protection

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

If you have a service that allows you to contact people, you can be sure hackers will try to abuse it to deliver malware or steal login credentials and otherpersonally identifiable info.

Case in point - LinkedIn Smart Links. The tool, offered as part of the professional social network’s Sales Navigator service, allows Business accounts to reach out to other LinkedIn users with “smart” links that can be tracked. That allows the sender to keep tabs on who interacted with the messages and in what way - very useful for pitch testing and improvements.

However, cybersecurity researchers from Cofense have now said they recently spotted a surge in phishing messages sent through the LinkedIn platform - some 800 emails were sent out between July and August 2023, using roughly 80 unique Smart Links.

Stealing accounts

The messages are your usual phishing copy - regarding payments, human resources and hiring, important documents, security notifications, and similar. The messages also carry an embedded link or a button that redirects the victim from LinkedIn’s “trustworthy” message elsewhere.

To be able to send these messages, the attackers need to have access to LinkedIn Business accounts. In some cases, they use either newly created accounts, or those stolen in earlier attacks. The victims are mostly finance, manufacturing, energy, construction, and healthcare firms. The goal of the campaign is to stealMicrosoftaccount credentials.

By abusing LinkedIn, the attackers are able to bypass email security services most victims have set up, and have their messages delivered straight to the inbox. As LinkedIn is generally considered a safe platform, most email protection tools allow messages from its domain through.

The unnamed attackers weren’t going after anyone specific, Cofense argues: “Despite Finance and Manufacturing having higher volumes, it can be concluded that this campaign was not a direct attack on any one business or sector but a blanket attack to collect as many credentials as possible using LinkedIn business accounts and Smart Links to carry out the attack,” the researchers said.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

This is not the first time LinkedIn’s services were abused to deliver malware, as a similar campaign was discovered last year, as well.

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Red One isn’t perfect but it proves we need more action-packed Christmas movies