Phishers Are Moving In On LinkedIn

Uploaded on 2022-03-08 in TECHNOLOGY-Key Areas-Social Media, NEWS-Cybersecurity News, FREE TO VIEW

Cyber criminals are using LinkedIn to find a way into your files and if you received a link to LinkedIn.com via email, SMS/text or instant message, check before you click on it.  

The emails contain the LinkedIn logo and brand colours, as well as using other well-known organisation names, like American Express, to make the attacks appear more convincing. 

Phishing emails which appear to use the LinkedIn brand image have increased by 232% since 1 February, 2022, research by security software firm Egress has revealed. The attackers use display name spoofing and stylised HTML templates to socially engineer victims into clicking on phishing links and then entering their credentials into fraudulent websites.  

Cyber criminals are always changing their tactics in order to achieve their goals and now spammers, and phishers are taking advantage of a marketing feature on the business networking site which lets them create a LinkedIn.com link that bounces your browser to other websites, such as phishing pages that mimic top online brands. 

At issue is a “redirect” feature available to businesses that chose to market through LinkedIn.com. The LinkedIn redirect links allow customers to track the performance of ad campaigns, while promoting off-site resources. 
There is  little to stop criminals from leveraging newly registered or hacked LinkedIn business accounts to create their own ad campaigns using fake links, sometimes known as 'Slinks', 

Malicious or phishing emails that leverage LinkedIn’s Slinks are unlikely to be blocked by anti-spam or anti-malware filters, because LinkedIn is widely considered a trusted domain, and the redirect obscures the link’s ultimate destination. In a statement Linkedin said it has “industry standard technologies in place for URL sharing and chained redirects that help us identify and prevent the spread of malware, phishing and spam.” LinkedIn also said it uses 3rd party services, such as Google Safe Browsing, Spamhaus, Microsoft and others, to identify known-bad URLs.

If in any doubt, check out Urlscan.io, a free service that provides detailed reports on any scanned URLs and also offers a historical look at suspicious links submitted by other users. 

Linkedin’s parent company, Microsoft, is thought to be  one of the exploited used for phishing. Indeed, Check Point Software Tecnologies has found that as much as 45 percent of all brand phishing attempts globally target Microsoft. Check Point said LinkedIn was the sixth most phished brand last year.

The best advice to dodge phishing scams is to avoid clicking on links that arrive in emails, text messages and other mediums that you have not asked for.  

Often phishing scams invoke a time sensitive element that warns of dire consequences should you fail to respond or act quickly. Consequently, it’s important to have confirmation via another communication channel when receiving weird messages on LinkedIn.

CheckPoint:     Brian Krebs:       Techradar:    ITPro:   ZDNet:     Egress

You Might Also Read:

Half A Billion LinkedIn Members Found For Sale:

 

« Mark Zuckerberg's Vision: How AI Will Unlock The Metaverse
Russia Threatens To Block Wikipedia »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Bulletproof Cyber

Bulletproof Cyber

Bulletproof offer a range of security services, from penetration testing and vulnerability assessments to 24/7 security monitoring, and consultancy.

Packet Ninjas

Packet Ninjas

Packet Ninjas is a niche cyber security agency with specialized expertise in the use of digital intelligence to strengthen cyber security.

Westermo Network Technologies

Westermo Network Technologies

Westermo designs and manufactures robust, resilient and secure data communications products for mission-critical industrial systems.

NNIT

NNIT

NNIT​ is one of Denmark’s leading consultancies in IT development, implementation and operations, including cyber security.

Cyber DriveWare

Cyber DriveWare

DriveWare analyzes new traffic in the I/O layer and blocks malware and cyber attacks which organizations have no means to protect against.

Careers in Cyber Security (CiCS)

Careers in Cyber Security (CiCS)

CareersinCyberSecurity is a leading global job board and career resource for Cyber Security, IT Audit, Technology Risk and Data Protection professionals.

S4x Events

S4x Events

S4x are the most advanced and largest ICS cyber security events in the world.

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub is a non-profit network organization focused on cooperation, information sharing, research and implementation of cutting-edge technologies in cybersecurity.

Enclave Networks

Enclave Networks

Our mission is to give IT professionals a simple way to rapidly build secure connectivity between any application, computer system, device or infrastructure - regardless of the underlying network.

Cyturus Technologies

Cyturus Technologies

Cyturus Technologies delivers cybersecurity business risk quantification services using our proprietary Adaptive Risk Model (ARM).

Anonomatic

Anonomatic

Anonomatic’s mission is to make data privacy secure, simple and cost effective. We are Data and Privacy Experts who are passionate about helping organizations solve PII compliance.

Punk Security

Punk Security

Punk Security are specialists in integrating security into DevOps pipelines, enabling rapid and secure development.

Zokyo

Zokyo

Zokyo is a venture studio that builds, secures, and funds legendary web3/crypto businesses.

Conosco

Conosco

Conosco are industry-leading experts throughout the UK in strategic consulting, project delivery, business communications, support, and security.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

nodeQ

nodeQ

At nodeQ, we are pioneering the future of computer networks, leveraging our deep expertise in quantum communication, artificial intelligence, and software-defined networking.