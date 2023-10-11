A recent surge in a sophisticated credential phishing campaign has been identified, targeting LinkedIn users. Cybercriminals are once again leveraging the use of LinkedIn Smart Links to trick users into clicking on malicious links that ultimately lead to credential theft.

LinkedIn Smart Links are designed to make it easier for users to share links to relevant and engaging content on the platform. The links can be customized to display a preview of the webpage being shared. However, this feature can also be exploited attackers to hide malicious URLs.

In this particular campaign, cybercriminals are sending phishing emails to potential victims. The emails appear to be legitimate LinkedIn notifications, prompting users to click on a link to view a shared document, job offer, or other enticing content. However, the links actually lead to a fake LinkedIn login page, where unsuspecting users will unwittingly enter their login credentials.

Once the credentials are obtained the attackers, they can be used for various malicious purposes. For instance, the stolen credentials can be used for identity theft, fraud, or even sold on the dark web.

To protect yourself from falling victim to such phishing attacks, it is important to be vigilant and exercise caution when clicking on links in emails or messages, especially if they prompt you to enter login credentials. Always verify the sender and the content of the message before taking any action. Additionally, enabling two-factor authentication on your LinkedIn account can provide an extra layer of security.

It is worth noting that this phishing campaign is not limited to LinkedIn and can be adapted to target other popular platforms as well. This serves as a reminder to always be cautious and skeptical of unexpected emails or messages, and to report any suspicious activity to the platform or your organization’s IT security team.