Linkedin users hit with a new phishing campaign targeting via direct messages and the LinkedIn InMail feature.
Linkedin Premium accounts have been hacked by phishers, sending messages with a shortened Ow.ly link to view a document via GoogleDoc/Drive. The Premium accounts are legitimate LinkedIn users, and have access to a feature that allows them to contact any LinkedIn users, even if there are no connections.
The fact the messages are from Premium members makes the messages look legitimate, and technically they are, as only the link is considered malicious.
Clicking on the Ow.ly link redirects the recipient to a webpage that requires their Gmail, Yahoo or AOL login to be entered, plus their phone number to allow access the document. The document they find is a fake Wells Fargo, the American international banking services, document hosted on Google Docs.
It is uncertain whether the malicious URLs are unique to each victim or not, but for one Premium user, out of their 500 contacts who all got sent the malicious link, 256 clicked on the phishing link. However, it is unclear as to how many may have entered their credentials on the fake document.
Mark James, ESET IT Security Specialist, talks about how phishing emails seem to be the norm.
“Phishing is something that nearly everyone has to deal with, and often it’s a daily occurrence.
“Most end up in the bin, easily spotted and clearly spam, but when a phishing attack comes via a ‘trusted’ platform it’s much harder for the recipient to make the right decision and stay safe.
“This particular attack uses the LinkedIn platform, and from a business perception quite widely used.
“If a message comes through this avenue, there’s a much higher chance than normal of it being actioned.
“If the link is shortened, then the end user either has to ignore it or go for it, and of course if it’s directed to a malware ridden website then there is a good chance you will end up infected.
“The usual rules apply: make sure your operating system and applications are on the latest versions and up to date, fully patched and ensure you have a good regular updating internet security product keeping your device secure.
“Sadly these days using the internet is ridden with dangers, some are easily spotted but more and more are hiding in the shadows waiting to ruin your day.”
Have you ever received any sort of phishing attacks? Let us know on Twitter @ESETUK.
Join the ESET UK LinkedIn Group and stay up to date with the blog. If you are interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.