Cyber criminals are targeting business people with an extensive phishing attack aimed at stealing sensitive data, including credit card and other payment information, researchers have found.
The attack also takes advantage of a premium LinkedIn feature called Smart Link, which allows users of the social media site to send more than a dozen documents via a single link.
Not only is it more convenient, but it also allows the sender to keep track of how many people opened the link and the files in it, how much time they spent on each file, etc. Moreover, Smart Link allows users to redirect recipients elsewhere.
Share key data
Cofense researchers discovered that the attackers would send a phishing email pretending to be from Slovenská pošta, the Slovak national postal service. The email states that the recipient has to pay a little extra to receive a pending package. As usual, the email contains a “confirm” button; it carries the LinkedIn Smart Link URL, which redirects victims to the phishing page.
What makes this attack vector particularly dangerous is the fact that Smart Link is a legitimate feature and is not flagged by email security products. When the victims click the button, they are sent to a page where they are asked to pay $2.99 – not a huge amount, but money isn’t the goal here anyway – data is.
The page requires victims to share all sorts of sensitive data, including all credit card details needed to make a payment. Finally, when everything is done, the victim is redirected to an SMS code confirmation page which, as researchers found, is only there to add legitimacy to the entire campaign.
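A mail-gateway heuristic for the pattern described above, as an added example that is not from Cofense or the original article: it flags messages whose HTML links point to a LinkedIn Smart Link while the sender's domain is unrelated to LinkedIn. The `/slink` URL path, the sample message and all function names are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: Smart Links live under this host/path; adjust to what you observe.
REDIRECTOR_HOSTS = {"linkedin.com", "www.linkedin.com"}
REDIRECTOR_PATH = "/slink"

# Constructed sample message (not a real campaign email).
SAMPLE = """\
From: Slovenska posta <notice@post-delivery.example>
Subject: Pending package
Content-Type: text/html; charset="utf-8"

<html><body><p>Pay 2.99 to receive your package.</p>
<a href="https://www.linkedin.com/slink?code=EXAMPLE">Confirm</a>
<a href="https://post-delivery.example/help">Help</a></body></html>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        # Record the target of every anchor tag in the HTML body.
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def flag_redirector_links(raw_message):
    """Return Smart Link URLs found in mail whose sender is not LinkedIn."""
    msg = message_from_string(raw_message, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if sender == "linkedin.com" or sender.endswith(".linkedin.com"):
        return []  # LinkedIn's own mail may legitimately carry these links
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = LinkCollector()
    collector.feed(body.get_content())
    hits = []
    for href in collector.links:
        url = urlsplit(href)
        if (url.hostname or "").lower() in REDIRECTOR_HOSTS and url.path.startswith(REDIRECTOR_PATH):
            hits.append(href)
    return hits
```

Treat a hit as one scoring signal rather than a verdict, since Smart Links are also sent legitimately from non-LinkedIn mailboxes.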
LinkedIn has been made aware of the malicious campaign that is abusing its services and says it is currently investigating the matter.
In a statement to BleepingComputer, the company said: “Our internal teams are working to take action against those who try to harm LinkedIn members through phishing. We encourage members to report suspicious messages and help them learn more about what they can do to protect themselves, including enabling two-step verification.”
Via: BleepingComputer