Cybercriminals are targeting entrepreneurs with a sophisticated phishing attack designed to steal sensitive data, including credit card information and other payment information, researchers found.
The attack also uses LinkedIn’s premium feature called Smart Link, which allows users of the social networking site to send more than a dozen documents via a single link.
Not only is this more convenient, it also allows the sender to keep track of how many people opened the link and the files inside, how much time they spent with each file, etc. Moreover, Smart Link enables users to redirect their audience elsewhere.
Share key data
Cofense researchers found that the attackers sent phishing emails impersonating Slovenská pošta, the Slovak state-owned postal service. The email says that the recipient has to pay a little extra to receive a pending package. As usual, the email contains a “confirm” button; its target is a LinkedIn Smart Link URL, which redirects victims to a phishing site.
What makes this attack vector especially dangerous is the fact that Smart Link is a legitimate feature and is not flagged by email security products. When the victim clicks the button, they are redirected to a page where they are asked to pay € 2.99 – a small sum, but money is not the target here – it is.
On the website, victims are required to share all kinds of sensitive information, including all credit card details needed to make a payment. Finally, when everything is ready, the victim is redirected to an SMS code confirmation page, which the researchers found only serves to lend credence to the entire campaign.
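A triage heuristic for the delivery technique described above, as an added example that is not from Cofense or the original article: it flags messages whose HTML body links to a LinkedIn Smart Link while the From domain is not LinkedIn. The `/slink?code=` URL shape, the sample message and all function names are assumptions of this example.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption of this example: Smart Links look like https://www.linkedin.com/slink?code=...
LINKEDIN_HOSTS = {"linkedin.com", "www.linkedin.com"}
SMART_LINK_PATH = "/slink"

class _Hrefs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):  # collect <a href> values only
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_smart_link(url):
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()  # exact match: linkedin.com.evil.test fails
    except ValueError:  # a malformed href must not crash the scanner
        return False
    return host in LINKEDIN_HOSTS and parts.path.rstrip("/") == SMART_LINK_PATH

def sender_domain(msg):
    hdr = msg["From"]
    return hdr.addresses[0].domain.lower() if hdr and hdr.addresses else ""

def smart_link_findings(raw_bytes):
    """Flag mail that carries a Smart Link but does not claim a LinkedIn sender."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    parser = _Hrefs()
    parser.feed(body.get_content() if body else "")
    links = [u for u in parser.hrefs if is_smart_link(u)]
    dom = sender_domain(msg)
    from_linkedin = dom == "linkedin.com" or dom.endswith(".linkedin.com")
    return {"sender_domain": dom, "smart_links": links,
            "suspicious": bool(links) and not from_linkedin}

# Constructed sample message, not taken from the campaign.
SAMPLE = (b"From: Slovenska posta <notice@parcel-example.test>\r\n"
          b"To: user@example.com\r\nSubject: Pending package\r\nMIME-Version: 1.0\r\n"
          b"Content-Type: text/html; charset=utf-8\r\n\r\n<p>A small fee is due.</p>"
          b'<a href="https://www.linkedin.com/slink?code=EXAMPLE">Confirm</a>\r\n')

if __name__ == "__main__":
    print(smart_link_findings(SAMPLE))
```

The From header can be forged, so a hit is a reason to route the message for review rather than a verdict.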
LinkedIn has been notified of a malicious campaign abusing its services and says it is currently investigating the matter.
In a statement to A hissing computer, the company said: “Our internal teams are working to take action against those who try to harm LinkedIn members by phishing. We encourage members to report suspicious messages and help them learn more about what they can do to protect themselves, including enabling two-step verification.”
By: A hissing computer