Phishers Are Moving In On LinkedIn

Cyber criminals are using LinkedIn to find a way into your files and if you received a link to LinkedIn.com via email, SMS/text or instant message, check before you click on it.  

The emails contain the LinkedIn logo and brand colours, as well as using other well-known organisation names, like American Express, to make the attacks appear more convincing. 

Phishing emails which appear to use the LinkedIn brand image have increased by 232% since 1 February, 2022, research by security software firm Egress has revealed. The attackers use display name spoofing and stylised HTML templates to socially engineer victims into clicking on phishing links and then entering their credentials into fraudulent websites.  

Cyber criminals are always changing their tactics in order to achieve their goals and now spammers, and phishers are taking advantage of a marketing feature on the business networking site which lets them create a LinkedIn.com link that bounces your browser to other websites, such as phishing pages that mimic top online brands. 

At issue is a “redirect” feature available to businesses that chose to market through LinkedIn.com. The LinkedIn redirect links allow customers to track the performance of ad campaigns, while promoting off-site resources. 
There is  little to stop criminals from leveraging newly registered or hacked LinkedIn business accounts to create their own ad campaigns using fake links, sometimes known as 'Slinks', 

Malicious or phishing emails that leverage LinkedIn’s Slinks are unlikely to be blocked by anti-spam or anti-malware filters, because LinkedIn is widely considered a trusted domain, and the redirect obscures the link’s ultimate destination. In a statement Linkedin said it has “industry standard technologies in place for URL sharing and chained redirects that help us identify and prevent the spread of malware, phishing and spam.” LinkedIn also said it uses 3rd party services, such as Google Safe Browsing, Spamhaus, Microsoft and others, to identify known-bad URLs.

If in any doubt, check out Urlscan.io, a free service that provides detailed reports on any scanned URLs and also offers a historical look at suspicious links submitted by other users. 

Linkedin’s parent company, Microsoft, is thought to be  one of the exploited used for phishing. Indeed, Check Point Software Tecnologies has found that as much as 45 percent of all brand phishing attempts globally target Microsoft. Check Point said LinkedIn was the sixth most phished brand last year.

The best advice to dodge phishing scams is to avoid clicking on links that arrive in emails, text messages and other mediums that you have not asked for.  

Often phishing scams invoke a time sensitive element that warns of dire consequences should you fail to respond or act quickly. Consequently, it’s important to have confirmation via another communication channel when receiving weird messages on LinkedIn.

CheckPoint:     Brian Krebs:       Techradar:    ITPro:   ZDNet:     Egress

You Might Also Read:

Half A Billion LinkedIn Members Found For Sale:

 

« Mark Zuckerberg's Vision: How AI Will Unlock The Metaverse
Russia Threatens To Block Wikipedia »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

D-RisQ

D-RisQ

D-RisQ is focussed on delivering techniques to reduce the development costs of complex systems and software whilst maximising compliance

CyberSource

CyberSource

CyberSource provides online payment and fraud management services for medium and large-sized merchants.

AFCERT

AFCERT

AFCERT is the national Computer Emergency Response Team for Afghanistan.

Custodio Technologies

Custodio Technologies

Custodio Technologies was established as a Singaporean R&D Centre of Israel Aerospace Industries (IAI) in order to spearhead R&D activities in the field of cyber early warning.

TeskaLabs

TeskaLabs

TeskaLabs is a software vendor of cybersecurity and data privacy products.

BHC Laboratory

BHC Laboratory

BHC Laboratory is a cyber capabilities’ development company for a wide range of global customers.

British Blockchain Association (BBA)

British Blockchain Association (BBA)

British Blockchain Association (BBA) is a not-for-profit organisation that promotes evidence-based adoption of Blockchain and Distributed Ledger Technologies (DLT) across the public and private sector

CYBER.ORG

CYBER.ORG

CYBER.ORG's goal is to empower educators as they prepare the next generation to succeed in the cyber workforce of tomorrow.

StartupXseed Ventures

StartupXseed Ventures

StartupXseed Ventures is a smart capital provider for Deep Tech, B2B, Early Stage Startups. We support, NextGen Tech Entrepreneurs, who have potential to deliver the outsized growth.

Boxphish

Boxphish

Boxphish provides a proven solution to reduce Human Error and Cyber Human Risk via automated learning journeys and intelligent phishing simulations.

EDGE Group

EDGE Group

EDGE is one of the world’s leading advanced technology groups, established to develop agile, bold and disruptive solutions for defence and beyond.

Unified Solutions

Unified Solutions

Unified Solutions provide a full continuum of cyber security services, compliance, and technology solutions.

Arelion

Arelion

Arelion is a leading light in global connectivity and we've been keeping the world connected for nearly three decades.

Mobilen Communications

Mobilen Communications

Mobilen are dedicated to providing our customers with the highest level of secure data in transit and to bring privacy back to a mobile world.

Post-Quantum Cryptography Alliance (PQCA)

Post-Quantum Cryptography Alliance (PQCA)

The alliance seeks to address cryptographic security challenges posed by quantum computing by producing high-assurance software implementations of standardized algorithms.

Adili Group

Adili Group

Adili Group is a leading pan-African corporate advisory firm. We deliver tailored solutions in regulation and compliance, risk management, and improving business efficiency.