Microsoft account users are being targeted by phishing campaigns that abuse LinkedIn's Smart Links to deliver credential-harvesting pages, warns cybersecurity firm Cofense. Smart Links are a feature of LinkedIn's Sales Navigator service, commonly used by business account holders for marketing and click tracking; because each link points at LinkedIn's own domain, it arrives as a trusted URL that email filters are less likely to block. Cofense has so far detected over 800 such suspicious emails.
Not a Novel Technique, but Aimed at a Broad Range of Targets
Cofense first observed this technique in late 2022. The latest wave ran between July and August 2023 and used 80 unique Smart Links, sent from LinkedIn business accounts that were either newly created or compromised. Finance, manufacturing, energy, construction, and healthcare were the most targeted industries, but the campaign appears to be opportunistic and broad rather than aimed at any one sector.
The Deception – Tricking Through Authenticity and Trust
The phishing flow is built to look authentic. Victims receive emails with subjects about payments, HR matters, documents, or security notifications, each carrying an embedded LinkedIn Smart Link. Since the link itself points at LinkedIn's domain, it passes initial scrutiny; once clicked, LinkedIn redirects the victim to the phishing page. That page auto-fills the victim's email address in the sign-in form, mimicking how a legitimate login page behaves after a redirect, and prompts only for the password. The fake page imitates a generic Microsoft login portal rather than a customized corporate one, so that it works against as broad a set of users as possible.
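The following triage logic for the flow just described is an added example, not code from Cofense's report or tooling. It assumes a Smart Link appears as linkedin.com/slink?code=<token>, that the final landing URL is obtained from a separate resolver (here a constructed lookup table; in production this would be a sandboxed fetch that follows the redirect chain), and it uses constructed sample messages addressed to a hypothetical example.com recipient. A message is flagged as a credential phish when a Smart Link lands on a host that is not a Microsoft sign-in host yet already carries the recipient's address (plain or base64) in the URL, which is the prefill signal from the campaign; a lure subject with a Smart Link but no prefill is only marked suspicious.

```python
"""Triage of LinkedIn Smart Link lures (added example, not Cofense's tooling)."""
import base64
import re
from urllib.parse import parse_qs, unquote, urlparse

# Assumption: a Smart Link appears as linkedin.com/slink?code=<token>; the token
# is opaque, so the real destination is only known after LinkedIn redirects.
SMART_LINK_RE = re.compile(r"https?://(?:www\.)?linkedin\.com/slink\?code=[\w-]+", re.I)
# Lure themes named in the campaign: payments, HR, documents, security notices.
LURE_RE = re.compile(r"\b(payment|invoice|remittance|hr|document|security|password)\b", re.I)
# Hosts where a Microsoft sign-in form that already knows the user is expected.
MICROSOFT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}


def extract_smart_links(body: str) -> list[str]:
    """Return every LinkedIn Smart Link found in an email body."""
    return SMART_LINK_RE.findall(body)


def _url_values(url: str) -> list[str]:
    """Collect query-string and fragment values: the places a phishing kit
    usually stashes the victim's address so the page can prefill it."""
    parsed = urlparse(url)
    values = [v for vs in parse_qs(parsed.query).values() for v in vs]
    if parsed.fragment:
        values.append(unquote(parsed.fragment))
        values += [v for vs in parse_qs(parsed.fragment).values() for v in vs]
    return values


def landing_carries_email(landing_url: str, recipient: str) -> bool:
    """True if the landing URL embeds the recipient's address, plain or base64."""
    target = recipient.lower()
    for value in _url_values(landing_url):
        if value.lower() == target:
            return True
        padded = value + "=" * (-len(value) % 4)
        try:
            if base64.b64decode(padded, validate=True).decode().lower() == target:
                return True
        except (ValueError, UnicodeDecodeError):  # not base64, or not text
            continue
    return False


def is_microsoft_login_host(host: str) -> bool:
    host = host.lower()
    return host in MICROSOFT_LOGIN_HOSTS or host.endswith(".microsoft.com")


def assess_email(msg: dict, resolve) -> dict:
    """Triage one message given as {"subject", "body", "recipient"}.

    `resolve` maps a Smart Link to its final landing URL. In production this
    must follow the redirect chain in a sandbox; below it is a constructed table.
    """
    reasons, landings = [], []
    links = extract_smart_links(msg["body"])
    if not links:
        return {"verdict": "no-finding", "reasons": reasons, "landing": landings}
    lure = bool(LURE_RE.search(msg["subject"]))
    if lure:
        reasons.append("lure subject combined with a Smart Link")
    prefill_offsite = False
    for link in links:
        landing = resolve(link)
        landings.append(landing)
        host = urlparse(landing).hostname or ""
        if landing_carries_email(landing, msg["recipient"]) and not is_microsoft_login_host(host):
            prefill_offsite = True
            reasons.append(f"recipient address prefilled on non-Microsoft host {host}")
    verdict = "credential-phish" if prefill_offsite else ("suspicious" if lure else "no-finding")
    return {"verdict": verdict, "reasons": reasons, "landing": landings}


# ---- Constructed sample data (not real campaign artifacts) ----
RECIPIENT = "j.doe@example.com"
RESOLVED_LANDING = {  # stands in for actually following each Smart Link
    "https://www.linkedin.com/slink?code=AbCd1234":
        "https://docs-verify.example.net/login#" + base64.b64encode(RECIPIENT.encode()).decode(),
    "https://www.linkedin.com/slink?code=Hr0pQ555": "https://hr-portal.example.org/notice?ref=123",
    "https://www.linkedin.com/slink?code=Wxyz9876": "https://www.example-corp.com/brochure.pdf",
}


def resolve_constructed(link: str) -> str:
    return RESOLVED_LANDING.get(link, link)


SAMPLE_MESSAGES = [
    {"subject": "Payment remittance notice", "recipient": RECIPIENT,
     "body": "Please review the remittance: https://www.linkedin.com/slink?code=AbCd1234"},
    {"subject": "HR policy update", "recipient": RECIPIENT,
     "body": "Read the notice at https://www.linkedin.com/slink?code=Hr0pQ555"},
    {"subject": "Catch up next week?", "recipient": RECIPIENT,
     "body": "Our brochure: https://www.linkedin.com/slink?code=Wxyz9876"},
]


def triage_samples() -> list[str]:
    """Verdicts for the constructed samples, in order."""
    return [assess_email(m, resolve_constructed)["verdict"] for m in SAMPLE_MESSAGES]


if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        result = assess_email(m, resolve_constructed)
        print(f"{result['verdict']:17} {m['subject']!r}: {'; '.join(result['reasons']) or '-'}")
```

The prefill check is deliberately host-aware: Microsoft's own sign-in endpoints legitimately accept a pre-supplied address (a `login_hint` style parameter), so the signal only becomes decisive when the page that already knows the address is not a Microsoft host. Base64 decoding is attempted because kits often obfuscate the address in the URL fragment, which never reaches server-side logs but is readable by the page's script.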
Users are advised to stay cautious rather than rely entirely on email security tools, since phishing actors increasingly abuse legitimate services to slip past those protections. A practical check: a LinkedIn tracking link has no reason to end on a Microsoft sign-in page, and a sign-in form that already shows your email address before you have typed it should be verified against the domain in the address bar before any password is entered. That even a seemingly harmless LinkedIn feature is now being exploited by cybercriminals underlines the importance of awareness and caution online.