• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » scam » LinkedIn Email Scam Steals Login Credentials

LinkedIn Email Scam Steals Login Credentials

2020-06-22 by Michelle Dvorak

LinkedIn Email Scam

Hackers Using Office 365 to Scam LinkedIn Accounts With Credential Phishing Scam

LinkedIn users are currently the target of another Office 365 credential phishing scam. This LinkedIn email scam phishes users with what appears to be an automated message from the LinkedIn platform. If the target follows the instructions in the email, it leads them to a malicious web page that attempts to steal their LinkedIn login information. This impersonation scam was reported by cyber security researchers at Abnormal Security.

The target of this credential phishing campaign is corporate employees who use LinkedIn for business connections. Somewhere between 15,000 and 50,000 accounts have been impacted by the impersonation scam.

“If the user falls victim to this attack, their LinkedIn account will be compromised. The attacker could then send further attacks to the user’s connections to compromise those accounts as well, and the user could lose a lot of connections in the process,” says Abnormal Security.

READ ABOUT MORE ONLINE SCAMS – CLICK HERE

LinkedIn Connections

LinkedIn users send what is known as a connection request to other LinkedIn users to establish a business relationship. This is equivalent to sending a Facebook friend request or following someone on Instagram. When one LinkedIn user sends another a connection request, an email is automatically generated and sent to the requestee. The email notifies the requestee that someone has sent them a connection request and that their response is waiting. The requestee may either accept the connection request or choose to ignore it. Legitimate LinkedIn connection request emails contain a link in the notification to take the user to their LinkedIn account so they may view the profile of the person requesting the connection and decide what to do.

in this LinkedIn email scam, the link in the email is disguised. It does not take the user to LinkedIn.com. It takes them to a spoof website and malicious web page.

The email message has wording that looks like a typical LinkedIn business connection notification. The email senders name impersonates a LinkedIn email. It contains harmful clickable links that lead the recipient to a phishing website.

The phishing email message contains a cloaked link to hide the true destination website which is not a legitimate LinkedIn landing page.

The phishing web page is hosted on a legitimate sports product website. However, the landing page for the scam is designed, worded, and branded to resemble LinkedIn.com It appears that the sports product website has been compromised and is being used as part of this credential phishing scam.

If the recipient follows the instruction on the malicious web page their LinkedIn login information is sent straight to the hackers.

What is LinkedIn?

LinkedIn is an employee and corporate centric social media channel with more than 575+ million users. Its userbase makes a prime target for hackers as most of them are already employed an assumed to have bank accounts worth compromising. LinkedIn also encourages networking through its platform. If a hacker can compromise a user’s LinkedIn account they can potentially use it to move laterally through the network and hack into even more user accounts as well as that of their employers.

This is the second Office 365 phishing scam seen in the past week. Last week, Wells Fargo Bank customers were the targets of another email phishing scam. Hackers were cleverly sending fake calendar imitations to MS Office Outlook email accounts. If the recipient accepted the calendar invitation, the event was listed on their calendar along with a malicious link in the meeting description. The link leads to another credential phishing web page to steal bank account login information. This is a rather clever way to deliver a seemingly innocent calendar imitation that could lead to a bank account being cleaned out by hackers.

Filed Under: scam Tagged With: LinkedIn

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version