LinkedIn Smart Links attacks return to target Microsoft accounts
<blockquote data-quote="Jakesu" data-source="post: 30" data-attributes="member: 7">
<p>Hackers are once again abusing LinkedIn Smart Links in phishing attacks to bypass protection measures and evade detection in attempts to steal Microsoft account credentials.</p>
<p>Smart Links are part of LinkedIn's Sales Navigator service, used for marketing and tracking, allowing Business accounts to email content using trackable links to determine who engaged with it.</p>
<p>Also, because Smart Links use LinkedIn's domain followed by an eight-character code parameter, they appear to originate from a trustworthy source and bypass email protections.</p>
<p>The abuse of LinkedIn's Smart Link feature isn't novel, as cybersecurity firm Cofense discovered the technique in a late 2022 campaign targeting Slovakian users with bogus postal service lures.</p>
<p><strong>New campaign targets Microsoft accounts</strong></p>
<p>The email security company today reports it identified a surge in LinkedIn Smart Link abuse recently, with over 800 emails of various subjects leading a broad range of targets to phishing pages.</p>
<p>According to Cofense, the recent attacks occurred between July and August 2023, using 80 unique Smart Links, and originated from newly created or compromised LinkedIn business accounts.</p>
<p>Cofense data shows that the most targeted sectors of this latest campaign are finance, manufacturing, energy, construction, and healthcare.</p>
<p><a href="https://www.bleepstatic.com/images/news/u/1220909/2023/Phishing/21/targets.png" target="_blank"><img src="https://www.bleepstatic.com/images/news/u/1220909/2023/Phishing/21/targets.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a></p>
<table style='width: 100%'><tr><td>Targeted sectors</td></tr></table>
<p>"Despite Finance and Manufacturing having higher volumes, it can be concluded that this campaign was not a direct attack on any one business or sector but a blanket attack to collect as many credentials as possible using LinkedIn business accounts and Smart Links to carry out the attack," explains Cofense.</p>
<p>The emails sent to targets use subjects relating to payments, human resources, documents, security notifications, and others, with the embedded link/button triggering a series of redirects from a "trustworthy" LinkedIn Smart Link.</p>
<p><img src="https://www.bleepstatic.com/images/news/u/1220909/2023/Phishing/21/email.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p>
<table style='width: 100%'><tr><td>Phishing email</td></tr></table>
<p>To add legitimacy to the phishing process and create a false sense of authenticity on the Microsoft login page, the Smart Link sent to victims is adjusted to contain the target's email address.</p>
<p><a href="https://www.bleepstatic.com/images/news/u/1220909/2023/Phishing/21/structure.png" target="_blank"><img src="https://www.bleepstatic.com/images/news/u/1220909/2023/Phishing/21/structure.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a></p>
<table style='width: 100%'><tr><td>Smart Link's structure</td></tr></table>
<p>The phishing page will read the email address from the link clicked by the victim and auto-fill it on the form, only expecting the victim to fill out the password, just as happens on the legitimate login portal.</p>
<p><a href="https://www.bleepstatic.com/images/news/u/1220909/2023/Phishing/21/login-phishing.png" target="_blank"><img src="https://www.bleepstatic.com/images/news/u/1220909/2023/Phishing/21/login-phishing.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a></p>
<table style='width: 100%'><tr><td>Generic Microsoft account phishing page</td></tr></table>
<p>The phishing page resembles a standard Microsoft login portal instead of a customized, company-specific design.</p>
<p>While this broadens its target range, it may deter individuals familiar with their employer's unique portals.</p>
<p>Users should be educated not to rely solely on email security tools to block threats, as phishing actors increasingly adopt tactics that abuse legitimate services to bypass these protections.</p>
</blockquote>
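Detection-side illustration added for this thread; it is not code from the quoted article, from Cofense or from LinkedIn. The article gives two handles a mail-filter or SOC triage script can use: the link is on LinkedIn's own domain with an eight-character code parameter, and in this campaign the link was adjusted to carry the recipient's email address so the fake Microsoft page could pre-fill it. The script below extracts URLs from a message body, keeps only LinkedIn-hosted tracking links, and raises the priority when an email address is embedded in the link, especially when it matches the actual recipient. The path `/slink`, the parameter name `code`, and the sample message are assumptions and constructed input, not values taken from the article.

```python
"""
Triage heuristic for LinkedIn Smart Link abuse in inbound mail.

Added example for this thread, not code from the quoted article, Cofense or
LinkedIn. The article only states that a Smart Link is LinkedIn's domain
followed by an eight-character code parameter and that lure links carried the
recipient's address. The "/slink" path and the "code" parameter name are
assumptions made so the sample parses; tune them to your own telemetry.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import parse_qs, unquote, urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>)\]]+", re.IGNORECASE)
EMAIL_RE = re.compile(r"[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}", re.IGNORECASE)
CODE_RE = re.compile(r"^[A-Za-z0-9]{8}$")  # "eight-character code" per the article
SMART_LINK_PATH = "/slink"                 # assumed path
CODE_PARAM = "code"                        # assumed parameter name


@dataclass
class Finding:
    url: str
    reasons: List[str] = field(default_factory=list)
    embedded_email: Optional[str] = None


def is_linkedin_host(host: str) -> bool:
    """True for linkedin.com and its subdomains only (not look-alike suffixes)."""
    host = host.lower().rstrip(".")
    return host == "linkedin.com" or host.endswith(".linkedin.com")


def analyse_url(url: str, recipient: Optional[str] = None) -> Optional[Finding]:
    """Return a Finding if `url` looks like a Smart Link worth a closer look, else None."""
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ("http", "https"):
        return None
    if not is_linkedin_host(parsed.hostname or ""):
        return None
    if not parsed.path.lower().startswith(SMART_LINK_PATH):
        return None
    qs = parse_qs(parsed.query, keep_blank_values=True)
    if not any(CODE_RE.match(c) for c in qs.get(CODE_PARAM, [])):
        return None

    finding = Finding(url=url, reasons=["LinkedIn tracking link with 8-char code"])

    # Everything beyond the code itself: extra query parameters and the fragment.
    # The article's campaign appended the target's address so the phishing page
    # could pre-fill it; a legitimate marketing link has no reason to carry one.
    extra = " ".join(unquote(v) for k, vs in qs.items() if k != CODE_PARAM for v in vs)
    extra += " " + unquote(parsed.fragment)
    match = EMAIL_RE.search(extra)
    if match:
        finding.embedded_email = match.group(0).lower()
        finding.reasons.append("email address embedded in the link")
        if recipient and finding.embedded_email == recipient.lower():
            finding.reasons.append("embedded address matches the message recipient")
    return finding


def triage_message(body: str, recipient: Optional[str] = None) -> List[Finding]:
    """Scan a message body and return one Finding per suspicious LinkedIn link."""
    return [f for f in (analyse_url(u, recipient) for u in URL_RE.findall(body)) if f]


# Constructed sample message (not from the article): payment-themed lure whose
# link carries the recipient's address after the tracking code.
SAMPLE_BODY = """\
Your remittance advice is ready. Review the document here:
https://www.linkedin.com/slink?code=ab12CD34#alice.doe@example.com
Regards, Accounts Payable
"""

if __name__ == "__main__":
    for f in triage_message(SAMPLE_BODY, recipient="alice.doe@example.com"):
        print(f.url)
        for r in f.reasons:
            print("  -", r)
```

A link that only trips the first check is a normal Sales Navigator tracking link and should stay low priority; the embedded-address checks are what separate this campaign's lures from legitimate marketing mail, so route those to analyst review or to URL detonation rather than blocking the LinkedIn domain outright.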