Email security firm Cofense recently uncovered a phishing campaign that leveraged LinkedIn’s Smart Links feature to redirect unsuspecting victims to malicious websites. This demonstrates how threat actors are exploiting trusted platforms to bypass security measures and target users. In this particular campaign, hackers used Smart Links to convince users that the Slovakian Postal Service was requesting shipping costs.
Smart Links, introduced in 2016, are part of LinkedIn’s Sales Navigator service and allow users to share content on the platform. With Smart Links, users, including businesses, can add links to their profiles that direct others to their websites, blogs, or other online/social media presence. Business accounts can use Smart Links for driving traffic, marketing, and tracking interactions with other LinkedIn users. These links can be customized with tracking parameters to gain insights into the source of clicks.
The recent phishing campaign discovered by Cofense involved over 800 emails with various subject themes, reaching users in multiple industries. The campaign used more than 80 unique LinkedIn Smart Links, which could originate from newly created or compromised LinkedIn business accounts. The targets of this campaign were primarily in the finance, manufacturing, energy, construction, and healthcare sectors.
The attackers made these phishing emails seem authentic using generic subject lines related to financial, human resources, documents, security, and general notifications. By including the victim’s email address in the Smart Link and redirecting them to a phishing page, the attackers were able to trick users into entering their Office credentials. The phishing pages were designed to appear generic and legitimate to maximize the success of the attack.
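As an added defender-side illustration (not code from Cofense or from the article), the following Python check scans an email body for links on a trusted redirector domain whose query string carries a recipient email address, the pattern described above. The `linkedin.com/slink?code=` path, the redirector host list and the sample email body are assumptions and constructed data, not taken from the article.

```python
import re
import base64
from urllib.parse import urlparse, parse_qsl, unquote

# Constructed sample: a shipping-cost lure whose link sits on a trusted domain
# and carries the recipient's address as a parameter.
SAMPLE_BODY = """Your shipment is waiting. Review the costs here:
https://www.linkedin.com/slink?code=abc123&e=alice%40example.com
Regards, Shipping desk
Unsubscribe: https://www.example.com/unsubscribe"""

# Assumed redirector hosts; the Smart Link URL format is not given in the article.
REDIRECTOR_HOSTS = {"www.linkedin.com", "linkedin.com", "lnkd.in"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def _decoded_forms(value: str):
    """Yield the raw, URL-decoded and base64-decoded forms of a query value,
    so an address hidden by simple encoding is still seen."""
    yield value
    yield unquote(value)
    try:
        padded = value + "=" * (-len(value) % 4)
        yield base64.urlsafe_b64decode(padded).decode("utf-8", "ignore")
    except ValueError:  # binascii.Error is a ValueError subclass
        return


def embedded_email(url: str):
    """Return an email address carried in the URL's query string, or None."""
    parsed = urlparse(url)
    for _, value in parse_qsl(parsed.query, keep_blank_values=True):
        for form in _decoded_forms(value):
            match = EMAIL_RE.search(form)
            if match:
                return match.group(0)
    return None


def flag_redirector_urls(body: str):
    """Return (url, address) pairs for trusted-domain links that carry a
    recipient address; a clean body yields an empty list."""
    hits = []
    for url in URL_RE.findall(body):
        host = urlparse(url).netloc.lower()
        if host not in REDIRECTOR_HOSTS:
            continue
        address = embedded_email(url)
        if address:
            hits.append((url, address))
    return hits
```

Such a hit is a triage signal, not proof of phishing: legitimate marketing links also carry tracking parameters, so pair it with sender reputation and the redirect's final destination.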
This campaign highlights the significance of user vigilance and ongoing training to combat phishing attempts. While email security suites are important, employees must be cautious when receiving suspicious or unexpected emails and refrain from clicking on any suspicious links.
The misuse of LinkedIn Smart Links in this campaign demonstrates how threat actors are evolving their tactics to bypass existing defenses. The use of trusted domains like LinkedIn allows attackers to exploit the trust users have in these platforms, making it more difficult to detect and prevent such attacks.
Sources: Cofense, Security Boulevard
– Phishing: A fraudulent attempt to obtain sensitive information, such as usernames, passwords, and credit card details, by disguising oneself as a trustworthy entity in an electronic communication.
– Smart Links: A feature introduced in LinkedIn’s Sales Navigator service that allows users to share customizable links on their profiles to direct others to specific websites or content.
– Cofense: Email security firm that uncovered the phishing campaign using LinkedIn Smart Links.
– Security Boulevard: Online publication covering security-related topics.