The cybersecurity firm Cofense has warned of a significant increase in phishing attacks that abuse LinkedIn’s Smart Links [1] [3] [4] [5] [6] [7]. The attacks, observed between July and August 2023, targeted users across several industries with the aim of harvesting Microsoft account credentials [2] [4] [7]. This article describes the attacks in detail and highlights why organizations need to remain vigilant and adopt multi-layered security approaches.

Description

Cofense has detected over 800 suspicious emails sent to users in the finance and manufacturing [1] [2] [3] [4] [5] [7], energy [1] [3] [4] [7], construction [3] [4] [7], and healthcare industries. The emails are sent from newly created or compromised LinkedIn business accounts [4] and gain a false air of authenticity by using lures such as payments, HR [4], documents [1] [4] [7], and security notifications [1] [4] [7] [3] [5]. Each message contains a Smart Link that redirects the recipient to a phishing page, where the recipient’s email address is already filled into a form that imitates a legitimate login page [4]. The campaign specifically targets Microsoft Office credentials and has been observed reaching user inboxes across many industries, with a focus on finance and manufacturing [2]. Phishing via Smart Links is not new [2], but this wave is notable for its scale: the emails contained more than 80 unique LinkedIn Smart Links [2]. Because the links carry LinkedIn’s trusted brand and domain name, they are an ideal tool for malicious actors [2]: a Smart Link embedded in an email can pass security controls that would otherwise block it, which makes detection more challenging [2].
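The detection problem described above is that the link itself points at a trusted domain, so a mail filter has to combine the presence of a Smart Link with other signals (who sent the message, which lure themes the text uses) rather than block on the URL alone. The following triage script is an added example, not code from the article or from Cofense. It assumes that LinkedIn Smart Links take the form `https://www.linkedin.com/slink?code=<id>` (an assumption, not a detail stated on the page), uses constructed sample messages, and reports per-message scores plus the number of unique Smart Link codes seen across flagged mail, mirroring the "80 unique Smart Links" figure the campaign was measured by.

```python
"""Triage emails that carry LinkedIn Smart Links alongside credential-lure themes.

Added example, not from the article or Cofense. Assumptions:
- Smart Links look like https://www.linkedin.com/slink?code=<id> (assumed URL shape).
- SAMPLE_MESSAGES below are constructed for illustration only.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlparse

# Lure themes the article lists: payments, HR, documents, security notifications.
LURE_THEMES = {
    "payment": re.compile(r"\b(payment|invoice|remittance)\b", re.I),
    "hr": re.compile(r"\b(hr|human resources|payroll|benefits)\b", re.I),
    "documents": re.compile(r"\b(document|shared file|docusign)\b", re.I),
    "security": re.compile(r"\b(security alert|password|verify your account|unusual sign-in)\b", re.I),
}
URL_RE = re.compile(r"https?://[^\s<>\"']+")
FLAG_THRESHOLD = 4  # tunable; chosen so a Smart Link from a non-LinkedIn sender plus one lure is flagged


@dataclass
class Finding:
    subject: str
    sender: str
    smart_link_codes: list = field(default_factory=list)
    themes: list = field(default_factory=list)
    score: int = 0


def smart_link_code(url):
    """Return the Smart Link code if url is a linkedin.com/slink link, else None."""
    p = urlparse(url.rstrip(".,;)"))
    if p.netloc.lower() in ("linkedin.com", "www.linkedin.com") and p.path.rstrip("/") == "/slink":
        codes = parse_qs(p.query).get("code")
        return codes[0] if codes else None
    return None


def analyze(message):
    """Score one message (dict with 'subject', 'from', 'body')."""
    text = message["subject"] + "\n" + message["body"]
    codes = [c for c in (smart_link_code(u) for u in URL_RE.findall(message["body"])) if c]
    themes = [name for name, rx in LURE_THEMES.items() if rx.search(text)]
    sender_domain = message["from"].rsplit("@", 1)[-1].lower()
    from_linkedin = sender_domain == "linkedin.com" or sender_domain.endswith(".linkedin.com")

    score = 0
    if codes:
        score += 2                      # a Smart Link is present at all
        if not from_linkedin:
            score += 2                  # Smart Link in mail that did not originate from LinkedIn
    score += len(themes)                # each credential-lure theme adds weight
    return Finding(message["subject"], message["from"], codes, themes, score)


def triage(messages):
    return [analyze(m) for m in messages]


def campaign_summary(findings):
    """Aggregate view: how many messages were flagged and how many distinct Smart Links they used."""
    flagged = [f for f in findings if f.score >= FLAG_THRESHOLD]
    unique_codes = {c for f in flagged for c in f.smart_link_codes}
    return {"messages": len(findings), "flagged": len(flagged), "unique_smart_link_codes": len(unique_codes)}


# Constructed sample messages (not real campaign data).
SAMPLE_MESSAGES = [
    {"subject": "Payment remittance advice - action required",
     "from": "accounts@compromised-partner.example",
     "body": "Please review the remittance document here: https://www.linkedin.com/slink?code=ab12cd and confirm"},
    {"subject": "You appeared in 3 searches this week",
     "from": "messages-noreply@linkedin.com",
     "body": "See who's viewing: https://www.linkedin.com/slink?code=xy99zz"},
    {"subject": "Lunch Friday?",
     "from": "colleague@example.com",
     "body": "See you at noon"},
]

if __name__ == "__main__":
    findings = triage(SAMPLE_MESSAGES)
    for f in findings:
        print(f"{f.score:>2}  {f.sender:<40} themes={f.themes} codes={f.smart_link_codes}")
    print(campaign_summary(findings))
```

The scoring is deliberately simple: the point is that the Smart Link alone (second sample, a plausible LinkedIn notification) should not be enough to quarantine a message, while the same link in mail from an unrelated sender that also uses a payment or document lure should. In a real pipeline the `unique_smart_link_codes` count over time is the more useful signal, since a single actor rotating many codes is what distinguishes a campaign from incidental LinkedIn traffic.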

Conclusion

The exploitation of LinkedIn’s Smart Links poses a significant security risk for users of the professional social network [6]. The recent surge in phishing campaigns built on Smart Links shows that users cannot rely solely on email security tools: phishing actors route their lures through legitimate services such as LinkedIn precisely to slip past those protections [4], so organizations must remain vigilant and adopt multi-layered security approaches [2]. The misuse of trusted platforms like LinkedIn demonstrates how threat actors evolve their tactics to bypass existing defenses [7], and user vigilance and ongoing training remain essential to countering these phishing attempts [7]. Organizations should therefore prioritize cybersecurity awareness and implement robust security measures to mitigate the risks associated with these attacks.

References

[1] https://www.infosecurity-magazine.com/news/new-phishing-campaign-uses/
[2] https://ticker.tv/news/credential-phishing-campaign-using-linkedin-smart-links-resurfaces/83408/
[3] https://www.waterisac.org/portal/threat-awareness-%E2%80%93-phishing-campaign-leveraging-linkedin-smart-links-returns-siphon-microsoft
[4] https://winbuzzer.com/2023/10/12/linkedin-smart-links-exploited-in-phishing-attacks-aimed-at-microsoft-accounts-xcxwbn/
[5] https://www.scmagazine.com/news/credential-phishing-campaign-using-linkedin-smart-links-resurfaces
[6] https://www.techradar.com/pro/security/hackers-are-using-linkedin-smart-links-to-target-users-in-phishing-attacks
[7] https://ticker.tv/news/hackers-still-abusing-linkedin-smart-links-in-phishing-attacks/83340/