Date: 2023-10-12

Researchers from Cofense have identified a surge in phishing messages sent through LinkedIn’s Sales Navigator service, using the platform’s Smart Links feature. This campaign involved approximately 800 emails sent between July and August 2023, utilizing around 80 unique Smart Links.

The phishing messages were designed to deceive recipients by impersonating emails on topics such as payments, human resources, hiring, important documents, and security notifications. These messages contained embedded links or buttons that redirected victims away from LinkedIn’s trusted environment.

In order to send these messages, the attackers required access to LinkedIn Business accounts. They often utilized either newly created accounts or accounts that had been stolen in previous attacks. The majority of targeted victims were from finance, manufacturing, energy, construction, and healthcare sectors. The primary objective of the campaign was to steal Microsoft account credentials.

By exploiting LinkedIn, the attackers were able to bypass the email security measures that most victims had in place. As LinkedIn is a generally trusted platform, email protection tools typically allow messages from its domain to pass through. This campaign aimed to maximize the collection of credentials by taking advantage of LinkedIn’s reputation.

Cofense argues that this campaign was not targeted towards specific businesses or sectors but rather was a wide-scale attack aimed at gathering as many credentials as possible using LinkedIn’s business accounts and Smart Links.

This incident is not the first time that cybercriminals have exploited LinkedIn’s services. A similar campaign was discovered last year, highlighting the need for users to exercise caution and remain vigilant when interacting with messages and links on the platform.

