Date: 2023-10-12

Cofense cybersecurity researchers have discovered a new phishing campaign that targets LinkedIn users to steal their Microsoft account login credentials. The scammers are exploiting LinkedIn’s Smart Links feature, which allows users to send multiple documents with a single trackable link. By using Smart Links, the phishing actors are able to make their emails appear legitimate and pass email security mechanisms.

Between July and August 2023, researchers observed approximately 800 phishing emails sent through 80 unique Smart Links. These emails targeted users in various industries, with a focus on the finance and manufacturing sectors. The messages contained embedded links or buttons that redirected victims to malicious websites where they were prompted to provide personal and financial information or login credentials.

The campaign likely utilizes newly created or compromised business accounts on LinkedIn to deliver the phishing lures and trick users into giving away their Microsoft account details. The attackers have modified the Smart Links to include additional recipient information, autofilling the phishing page and making it more convincing.
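
A mail-filter check for the modified Smart Links described above, as an added example that is not code from Cofense or LinkedIn. It assumes a Smart Link has the shape `linkedin.com/slink?code=...` and that the added recipient data appears as an extra query parameter or URL fragment, in plain text or base64; the function names and sample URLs are constructed for illustration.

```python
import base64
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption (not stated on the page): a Smart Link is a linkedin.com URL
# with path /slink whose only expected query parameter is "code".
SMART_LINK_HOSTS = {"linkedin.com", "www.linkedin.com"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def _candidates(value):
    """Yield the URL-decoded value and, if it decodes cleanly, its base64 form."""
    value = unquote(value)
    yield value
    try:
        padded = value + "=" * (-len(value) % 4)
        yield base64.urlsafe_b64decode(padded).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return


def inspect_link(url, recipient):
    """Return one finding per piece of extra data carried by a Smart Link."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() not in SMART_LINK_HOSTS:
        return []
    if parts.path.rstrip("/") != "/slink":
        return []
    # Everything besides the "code" parameter is unexpected on a clean link.
    extras = [v for k, v in parse_qsl(parts.query, keep_blank_values=True)
              if k != "code"]
    if parts.fragment:
        extras.append(parts.fragment)
    findings = []
    for extra in extras:
        for text in _candidates(extra):
            if recipient.lower() in text.lower():
                findings.append("recipient address embedded")
                break
            if EMAIL_RE.search(text):
                findings.append("email address embedded")
                break
        else:
            findings.append("unexpected extra data")
    return findings


# Constructed sample: a Smart Link with the recipient's address in the fragment.
SAMPLE = "https://www.linkedin.com/slink?code=aBcD1234#alice@example.com"
```

An empty result means the link carries nothing beyond its code; any finding is a reason to quarantine the message for review rather than proof of phishing on its own.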

To protect yourself against this type of phishing attack, it is important to be cautious of emails from unknown senders, even if they appear to come from a legitimate source. Only click on links in emails if you are confident in their legitimacy, and consider contacting the sender directly to verify if you are unsure. It is also recommended to use a reliable password manager and enable two-factor authentication for all online accounts.

Source: Cofense Cybersecurity Researchers. No URL provided.