searchtwitterarrow rightmail strokearrow leftmail solidfacebooklinkedinplusangle upmagazine plus
Help Net Security - Daily information security news with a focus on enterprise security.
  • News
  • Features
  • Expert analysis
  • Videos
  • Reviews
  • Events
  • Reports
  • Whitepapers
  • Industry news
  • Product showcase
  • Newsletters
  • (IN)SECURE Magazine
Zeljka Zorz
Zeljka Zorz, Editor-in-Chief, Help Net Security
September 13, 2017
Share

Phishers targeting LinkedIn users via hijacked accounts

A new phishing campaign has been spotted hitting LinkedIn users via direct messages and the LinkedIn InMail feature.

They are sent from legitimate LinkedIn Premium accounts that have been hijacked by the phishers, thus increasing the likelihood that recipients will trust the message and click on the link.

LinkedIn hijacked accounts

The message

The messages/emails say that the sender has just shared with the recipient a document via GoogleDoc/Drive, and offers a shortened Ow.ly link to view it.

When sent through the InMail feature, which allows members with Premium accounts to contact LinkedIn users with whom they have no connection, they look pretty legitimate. Technically they are – LinkedIn is the one doing the sending, and they are sent from a legitimate account. It is just the content that cannot be trusted.

The link in the message redirects the victims to a web page that requires users to enter their Gmail, Yahoo or AOL login credentials and their phone number in order to access the document – a decoy Wells Fargo document hosted on Google Docs.

Phishing attacks from hijacked accounts are very effective

“We do not know how (malware, other phishing attacks, etc.) or how many LinkedIn accounts were compromised in this campaign,” Malwarebytes researcher Jerome Segura noted.

“It’s also unclear whether the shortened URLs are unique per hacked account or not, although we think they might be. The user whose account was hacked had over 500 connections on LinkedIn and based on Hootsuite‘s stats, we know 256 people clicked on the phishing link.”

But there is no way of knowing whether they followed through the process and entered their credentials in the phishing page:

OPIS

Segura pointed out that this kind of attack via social media is not new, but it’s effective and difficult to block.

“If your LinkedIn account gets compromised, you should immediately review its settings to change your password and enable two-step verification,” he advises.

“Additionally, you can post a quick update on your timeline that lets your contacts know you were hacked and that any previous message you may have sent with links should be carefully vetted.”




More about
  • account hijacking
  • Google
  • LinkedIn
  • Malwarebytes
  • phishing
Share this

Featured news

  • Python packages with malicious code expose secret AWS credentials
  • OT security: Helping under-resourced critical infrastructure organizations
  • How phishing attacks are becoming more sophisticated
Webinar: What’s trending in email security?

What's new

OT security: Helping under-resourced critical infrastructure organizations

How phishing attacks are becoming more sophisticated

Python packages with malicious code expose secret AWS credentials

Clearview fine: The unacceptable face of modern surveillance

Don't miss

Python packages with malicious code expose secret AWS credentials

OT security: Helping under-resourced critical infrastructure organizations

How phishing attacks are becoming more sophisticated

Clearview fine: The unacceptable face of modern surveillance

Cybercriminals use Azure Front Door in phishing attacks

Help Net Security - Daily information security news with a focus on enterprise security.
Follow us
  • Features
  • News
  • Expert Analysis
  • Reviews
  • Events
  • Reports
  • Whitepapers
  • Industry news
  • Newsletters
  • Product showcase
  • Twitter

In case you’ve missed it

  • OT security: Helping under-resourced critical infrastructure organizations
  • How to keep your NFTs safe from scammers
  • Is your organization ready for Internet Explorer retirement?
  • Attackers aren’t slowing down, here’s what researchers are seeing

(IN)SECURE Magazine ISSUE 71.5 (June 2022)

Several of the most pressing topics discussed during this year’s Conference included issues surrounding privacy and surveillance, the positive and negative impacts of machine learning and artificial intelligence, the nuances of risk and policy, and more.

Read online
© Copyright 1998-2022 by Help Net Security
Read our privacy policy | About us | Advertise