Cybercriminals are always changing their tactics in order to achieve their goals. With phishing, the goal is to collect banking credentials or credit card numbers, or to gain access to users' email accounts, which in turn allows them to run more sophisticated scams, like the infamous business email compromise (BEC) scam that has affected so many companies for several years now.
Some phishing now includes advanced social engineering. Abusing LinkedIn is one of the more effective techniques, because a lot of professionals use and depend on LinkedIn for their activities and work relationships.
LinkedIn phishing emails
The first example is an email that appears to come from LinkedIn but has actually been forged and is sent by a cybercriminal (Figure A).
A phishing email supposedly coming from LinkedIn.
The content is pretty well done, but what should raise suspicion and reveal that this email is fake is the sender address, which has nothing to do with LinkedIn. Legitimate emails from the social network always use the domain linkedin.com. Also, one would not expect such an email to contain misspellings like “bussinessman.”
Once clicked, the link leads the unsuspecting user to a phishing page hosted on a very different URL than the legitimate one (Figure B).
The fraudulent phishing page set by the cybercriminals.
Once the user enters his or her credentials into this page, the game is over: The cybercriminals will be able to use the user’s account at will.
Kaspersky also warns about phishing emails abusing LinkedIn (Figure C) that lead to completely different content.
A phishing email abusing LinkedIn, with a highly suspicious link.
Once again, Figure C shows content that should immediately raise suspicion: the sender address has nothing to do with LinkedIn, and the link to click is also unrelated.
But the strangest thing happens to the user who decides to click on the link. He or she is not taken to a fake LinkedIn login page but to a financial online survey. In that kind of fraud, the user is enticed to fill out a short survey (Figure D) and then to provide personal information, including a phone number, which might be used to perpetrate other fraud.
A fraudulent online survey spread by a fake LinkedIn email.
Financial crimes from LinkedIn phishing
Most phishing and social engineering attempts that abuse the LinkedIn professional network are done for financial crime purposes.
Some phishing is done to collect direct LinkedIn credentials, or to entice the user to provide other credentials, like personal or corporate email or even phone number or credit card information.
Once they get hold of credit card information, they can use the card or sell it online. When they get access to someone's private email account, they can use it for more advanced scams, such as impersonating the person to trick friends into sending money, hunting through the stored emails for access to other services, or harvesting private information that can be sold easily, such as passport details.
Owning the access to a corporate account is also juicy for a financially motivated attacker. The attacker might find information to sell or find enough information to build a real BEC fraud.
Fake LinkedIn profiles used for cyber-espionage
In recent years, there have been several examples of real cyber-espionage threat actors abusing LinkedIn to get in touch with employees of companies they want to compromise.
In June 2020 ESET, a Slovak internet security company, exposed “Operation In(ter)ception,” targeted attacks against aerospace and military companies in Europe and the Middle East. In that cyberespionage operation, the threat actor used LinkedIn-based social engineering to establish an initial foothold before deploying malware (Figure E).
A fake LinkedIn job offer sent by a threat actor to establish contact.
In this case, the attackers had created a false profile on LinkedIn and used it to approach employees of the companies they wanted to target. Once a conversation was established, they socially engineered the victims into launching malware that compromised the company.
In another case, an investigation by the Associated Press revealed the use of an artificial-intelligence-generated picture on a fake LinkedIn profile under the name “Katie Jones,” which targeted the profiles of people at several think tanks.
How to detect LinkedIn phishing and fake profiles
LinkedIn phishing can be tricky to detect because some phishing emails can look very convincing. So, how can you spot LinkedIn phishing?
Now what about the fake profiles on LinkedIn?
If you have doubts and really are curious about the message, don’t hesitate to call the main office at the company. Ask for the person. For starters, they will confirm the person exists in the company. Then get the person on the phone and confirm it is indeed the person who sent you the message.
Remember that cybercriminals can also compromise LinkedIn accounts and use them. Therefore, it’s important to have confirmation via another communication channel when receiving weird messages on LinkedIn.
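As an added illustration (not code from the article), the two email checks described above, the sender domain and the destination of every link, applied to a constructed sample message in the style of the Figure A and Figure C lures; the domains, addresses and subject in the sample are made up for the example.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains a genuine LinkedIn notification is expected to use (the article's
# rule: legitimate mail from the network always comes from linkedin.com).
TRUSTED = ("linkedin.com",)

# Constructed sample in the style of the Figure A/C lures: spoofed display
# name, unrelated sender domain, look-alike link host, a misspelling.
SAMPLE = """\
From: "LinkedIn" <notifications@linkedin-mail.example>
To: employee@corp.example
Subject: You appeared in 3 searches this week
Content-Type: text/html; charset=utf-8

<html><body><p>Hi, a bussinessman viewed your profile.</p>
<a href="https://linkedin.com.secure-login.example/uas/login">See who</a>
<a href="https://www.linkedin.com/help">Help</a></body></html>
"""

def domain_trusted(host: str) -> bool:
    """True only for a trusted domain or a real subdomain of it, so that a
    look-alike such as linkedin.com.attacker.example is rejected."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_message(raw: str) -> dict:
    """Apply the article's two checks: sender domain and link destinations."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    hrefs = re.findall(r'href\s*=\s*"([^"]+)"', text, flags=re.I)
    bad_links = [u for u in hrefs
                 if not domain_trusted(urlparse(u).hostname or "")]
    return {
        "sender_domain": sender_domain,
        "sender_trusted": domain_trusted(sender_domain),
        # display name claims LinkedIn while the address does not: a spoof
        "display_name_spoof": "linkedin" in display.lower()
                              and not domain_trusted(sender_domain),
        "untrusted_links": bad_links,
        "suspicious": (not domain_trusted(sender_domain)) or bool(bad_links),
    }
```

Run `check_message(SAMPLE)` on the constructed message and both the sender domain and the login link are flagged, while the genuine www.linkedin.com help link passes.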