Cybercriminals are targeting businesspeople with an elaborate phishing attack aimed at stealing sensitive data (opens in new tab), including credit card and other payment information, researchers have found.
The attack also abuses a premium LinkedIn feature called Smart Link, which allows users of the social media site to send more than a dozen documents via a single link.
Not only is it more convenient, but it also allows the sender to keep track of how many people opened the link and files inside, how much time they spent with each file, etc. What’s more, Smart Link allows users to redirect the recipients elsewhere.
Sharing key data
Researchers from Cofense discovered the attackers would send a phishing email pretending to be from Slovenská pošta, the Slovakian national postal service. The email would state that the recipient needs to pay a little extra to be able to receive a pending parcel. As usual, the email carries a “confirm” button, which is the LinkedIn Smart Link URL, and which redirects victims to the phishing page.
What makes this attack vector particularly dangerous is the fact that Smart Link is a legitimate feature and does not get flagged by email security products. When the victims click the button, they get sent to a page where they’re asked to pay €2.99 – not a big sum, but money is not the goal here, anyway – data is.
On the page, victims need to share all kinds of sensitive data, including all the credit card details needed to make a payment. Finally, when all is complete, the victim is redirected to an SMS code confirmation page which, as researchers found, is only there to add legitimacy to the whole campaign.
> What is phishing and hopw dangerous is it? (opens in new tab)
> Here’s our list of the best firewalls around (opens in new tab)
LinkedIn has been notified of the malicious campaign abusing its services, and says it’s currently investigating the matter.
In a statement to BleepingComputer, the company said: “Our internal teams work to take action against those who attempt to harm LinkedIn members through phishing. We encourage members to report suspicious messages and help them learn more about what they can do to protect themselves, including turning on two-step verification.”
- Check out our list of the best antivirus (opens in new tab) tools right now
Via: BleepingComputer (opens in new tab)