Hackers are using LinkedIn Smart Links to bypass email protections.
The campaign involves threat actors gaining unauthorized access to customer contact service platforms and leveraging that access to deploy malicious software designed to capture login credentials and personally identifiable information (PII) from their intended victims.
What is the LinkedIn Smart Link?
The LinkedIn Smart Link is a feature of the professional social network's Sales Navigator service that enables LinkedIn business accounts to communicate with other LinkedIn users. A Smart Link lets the sender of a message keep track of which LinkedIn users interacted with the message and how they did so.
The campaign came to light when cybersecurity researchers at Cofense identified a significant phishing campaign distributed via the LinkedIn platform, encompassing a total of 800 email messages with 80 embedded malicious hyperlinks, during the period from July to August 2023.
Crafting the Phishing Messages:
The phishing messages were skillfully designed to mimic communications about payments, human resources, hiring processes, sensitive documentation, and security alerts, among other lures used by threat actors. These lures are meant to get unsuspecting victims to click a malicious link, which then redirects them away from the LinkedIn platform, despite the message's initial appearance of trustworthiness.
Researchers at Cofense stated that:
“Despite Finance and Manufacturing having higher volumes, it can be concluded that this campaign was not a direct attack on any one business or sector but a blanket attack to collect as many credentials as possible using LinkedIn business accounts and smart links to carry out the attack.”
Sending these messages does require a LinkedIn Business account, a hurdle the hackers easily overcome by either creating new accounts or using compromised business accounts acquired from fellow threat actors. The campaign primarily targeted organizations operating in the finance, manufacturing, energy, construction, and healthcare sectors. The attackers' main goal was to compromise Microsoft accounts within these organizations.
By abusing LinkedIn Smart Links, the attacker is able to circumvent the email security measures of the targeted organization, so the phishing messages land directly in the recipient's inbox, taking advantage of the inherent trust associated with the platform. Most email protection tools permit messages containing links to LinkedIn's domain to pass through without rigorous scrutiny.
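As an added example (not code from the original article or from Cofense), here is a Python check a mail-filtering pipeline could run on a message body: it extracts URLs, singles out LinkedIn Smart Link redirectors (the linkedin.com/slink?code=... form, plus lnkd.in short links), follows the redirect chain through an injected resolver, and flags any Smart Link whose final landing host is outside LinkedIn, which is exactly what a domain-reputation check on linkedin.com alone misses. The message text and the redirect map are constructed stand-ins for live lookups, and the destination domains use reserved example names.

```python
import re
from typing import Callable, Optional
from urllib.parse import urlparse, parse_qs

MAX_HOPS = 5
LINKEDIN_HOSTS = {"linkedin.com", "www.linkedin.com", "lnkd.in"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def is_smart_link(url: str) -> bool:
    """True for a LinkedIn Smart Link redirector (linkedin.com/slink?code=...) or an lnkd.in short link."""
    parts = urlparse(url)
    host = parts.netloc.lower()
    if host == "lnkd.in":
        return True
    return host in {"linkedin.com", "www.linkedin.com"} and parts.path == "/slink" \
        and "code" in parse_qs(parts.query)


def resolve_chain(url: str, fetch_location: Callable[[str], Optional[str]]) -> list[str]:
    """Follow redirects hop by hop; fetch_location returns the next Location or None when a page is served."""
    chain = [url]
    while len(chain) <= MAX_HOPS:          # cap hops so a redirect loop cannot hang the filter
        nxt = fetch_location(chain[-1])
        if not nxt or nxt in chain:
            break
        chain.append(nxt)
    return chain


def assess_message(body: str, fetch_location: Callable[[str], Optional[str]]) -> list[dict]:
    """Report every Smart Link in the body with its final destination and whether it leaves LinkedIn."""
    findings = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;)")           # drop sentence punctuation glued to the URL
        if not is_smart_link(url):
            continue
        chain = resolve_chain(url, fetch_location)
        final_host = urlparse(chain[-1]).netloc.lower()
        findings.append({"smart_link": url, "final": chain[-1], "hops": len(chain) - 1,
                         "external": final_host not in LINKEDIN_HOSTS})
    return findings


# Constructed sample data: a lure in the style the article describes, and a redirect map
# standing in for HEAD requests (None means the URL serves a page rather than redirecting).
SAMPLE_BODY = ("Your payroll document is ready: https://www.linkedin.com/slink?code=g4rGq9Zx . "
               "Our company page: https://www.linkedin.com/slink?code=legit001.")
SAMPLE_REDIRECTS = {
    "https://www.linkedin.com/slink?code=g4rGq9Zx": "https://login-portal.example.net/signin",
    "https://www.linkedin.com/slink?code=legit001": "https://www.linkedin.com/company/example-co",
}


def offline_fetch_location(url: str) -> Optional[str]:
    return SAMPLE_REDIRECTS.get(url)
```

Running `assess_message(SAMPLE_BODY, offline_fetch_location)` flags the first link as external (it lands on login-portal.example.net after one hop) and leaves the second unflagged; in production, replace the offline resolver with a HEAD request that reads the Location header without following it automatically.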
Please let us know your thoughts about this in the comments section.