Hackers Using Office 365 to Scam LinkedIn Accounts With Credential Phishing Scam
LinkedIn users are currently the target of another Office 365 credential phishing scam. This LinkedIn email scam phishes users with what appears to be an automated message from the LinkedIn platform. If the target follows the instructions in the email, it leads them to a malicious web page that attempts to steal their LinkedIn login information. This impersonation scam was reported by cyber security researchers at Abnormal Security.
The target of this credential phishing campaign is corporate employees who use LinkedIn for business connections. Somewhere between 15,000 and 50,000 accounts have been impacted by the impersonation scam.
“If the user falls victim to this attack, their LinkedIn account will be compromised. The attacker could then send further attacks to the user’s connections to compromise those accounts as well, and the user could lose a lot of connections in the process,” says Abnormal Security.
LinkedIn users send what is known as a connection request to other LinkedIn users to establish a business relationship. This is equivalent to sending a Facebook friend request or following someone on Instagram. When one LinkedIn user sends another a connection request, an email is automatically generated and sent to the requestee. The email notifies the requestee that someone has sent them a connection request and that their response is waiting. The requestee may either accept the connection request or choose to ignore it. Legitimate LinkedIn connection request emails contain a link in the notification to take the user to their LinkedIn account so they may view the profile of the person requesting the connection and decide what to do.
In this LinkedIn email scam, the link in the email is disguised. It does not take the user to LinkedIn.com; it takes them to a spoofed website hosting a malicious web page.
The email message is worded like a typical LinkedIn business connection notification, and the sender's display name impersonates a LinkedIn address. The message contains harmful clickable links that lead the recipient to a phishing website.
The phishing email uses a cloaked link to hide the true destination, which is not a legitimate LinkedIn landing page.
The phishing web page is hosted on a legitimate sports product website. However, the landing page for the scam is designed, worded, and branded to resemble LinkedIn.com. It appears that the sports product website has been compromised and is being used as part of this credential phishing scam.
If the recipient follows the instructions on the malicious web page, their LinkedIn login information is sent straight to the hackers.
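A defender-side check for the disguised-link trick described above, added here as an illustration and not taken from the Abnormal Security report: it walks the anchors in an HTML message body and flags any whose real destination does not match the domain shown in the link text, or does not belong to LinkedIn when the sender's display name claims to be LinkedIn. The sample message, sender name and hostnames are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

LEGIT_LINKEDIN_DOMAINS = {"linkedin.com"}


class _LinkExtractor(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude registrable domain: last two labels (enough for www.linkedin.com)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def find_cloaked_links(html_body, sender_display_name):
    """Return (href, reason) for anchors whose real target contradicts what the email shows."""
    parser = _LinkExtractor()
    parser.feed(html_body)
    claims_linkedin = "linkedin" in sender_display_name.lower()
    findings = []
    for href, text in parser.links:
        dest = registrable_domain(urlparse(href).hostname or "")
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())  # domain in link text
        shown_dom = registrable_domain(shown.group(0)) if shown else None
        if shown_dom and shown_dom != dest:
            findings.append((href, f"link text shows {shown_dom} but target is {dest}"))
        elif claims_linkedin and dest not in LEGIT_LINKEDIN_DOMAINS:
            findings.append((href, f"sender claims LinkedIn but target is {dest}"))
    return findings


# Constructed sample: a fake connection-request notice with one cloaked link.
SAMPLE_SENDER = "LinkedIn <notifications@example-mailer.test>"
SAMPLE_BODY = ('<p>You have a pending connection request.</p>'
               '<a href="https://shop.sportsgear-example.test/li/index.html">'
               'View request on www.linkedin.com</a>'
               '<a href="https://www.linkedin.com/feed/">Go to LinkedIn</a>')
```

Run `find_cloaked_links(SAMPLE_BODY, SAMPLE_SENDER)` to see only the sports-site link reported; the genuine linkedin.com link passes.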
What is LinkedIn?
LinkedIn is an employee- and corporate-centric social media channel with more than 575 million users. Its user base makes a prime target for hackers, as most of them are already employed and assumed to have bank accounts worth compromising. LinkedIn also encourages networking through its platform. If a hacker can compromise a user's LinkedIn account, they can potentially use it to move laterally through that user's network and hack into even more user accounts, as well as those of their employers.
This is the second Office 365 phishing scam seen in the past week. Last week, Wells Fargo Bank customers were the targets of another email phishing scam. Hackers were cleverly sending fake calendar invitations to MS Office Outlook email accounts. If the recipient accepted the calendar invitation, the event was listed on their calendar along with a malicious link in the meeting description. The link led to another credential phishing web page built to steal bank account login information. This is a rather clever way to deliver a seemingly innocent calendar invitation that could lead to a bank account being cleaned out by hackers.