LinkedIn Smart Links exploited to spread phishing attacks

Nowadays, any app, platform or service that lets users communicate with other people is potentially at risk. Whether the threat is account compromise, malware distribution or credential theft, the risk is always concrete.

The latest worrying case in this context concerns LinkedIn's Smart Links.

The tool, offered as part of Sales Navigator, the sales service of the social network dedicated to professionals, lets Business accounts reach other LinkedIn users through "smart" links that can be tracked. The sender can see who has interacted with the messages and how, which is useful for testing and improving their presence on the platform.

However, cybersecurity researchers at Cofense recently reported an increase in phishing messages sent via the LinkedIn platform.

Between July and August 2023, around 800 emails were sent using approximately 80 different Smart Links that carried this type of attack.

The messages follow the typical phishing playbook: content about payments, HR and hiring, important documents, security notifications and the like. They also contain a link or button that redirects the victim to external malicious websites.

In order to send these messages, attackers must have access to LinkedIn Business accounts. In some cases they use newly created accounts, in others accounts stolen in previous attacks. The victims are mainly companies in finance, manufacturing, energy, construction and healthcare.

By abusing LinkedIn and Smart Links, attackers are able to bypass the email security controls deployed by most victims. Since LinkedIn is generally considered a trustworthy platform, most email security tools let messages from its domain through without particular blocking or inspection.
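The weakness described above is a gateway that exempts a whole sender domain from link inspection. An added defensive example, not from the article or from Cofense: resolve each tracked link to its final destination and flag messages whose link starts on a trusted host but lands elsewhere. The redirect map is constructed sample data, the `/track/...` paths are hypothetical and not LinkedIn's real URL format, and the trusted-host list is an assumption.

```python
"""Flag links that start on a trusted host but redirect off-platform.
Added example; redirect data and paths below are constructed, not real."""
from typing import Callable, Dict, List
from urllib.parse import urlparse

# Assumption: hosts an email gateway might treat as trusted intermediaries.
TRUSTED_HOSTS = {"linkedin.com"}

# Constructed redirect chains standing in for tracked links (hypothetical paths).
SAMPLE_REDIRECTS: Dict[str, str] = {
    "https://www.linkedin.com/track/abc": "https://www.linkedin.com/company/example",
    "https://www.linkedin.com/track/def": "https://login-portal.example/hr/document",
}


def sample_resolver(url: str) -> str:
    """Offline stand-in for an HTTP HEAD: returns the next hop, or the URL itself."""
    return SAMPLE_REDIRECTS.get(url, url)


def host_of(url: str) -> str:
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def is_trusted(host: str) -> bool:
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def resolve_chain(url: str, resolver: Callable[[str], str], max_hops: int = 5) -> List[str]:
    """Follow redirects until they stop, loop, or exceed max_hops."""
    chain = [url]
    for _ in range(max_hops):
        nxt = resolver(chain[-1])
        if nxt == chain[-1] or nxt in chain:
            break
        chain.append(nxt)
    return chain


def flag_offplatform_links(urls: List[str], resolver: Callable[[str], str] = sample_resolver) -> List[dict]:
    """Return links whose first hop is trusted but whose final hop is not."""
    findings = []
    for url in urls:
        chain = resolve_chain(url, resolver)
        first, last = host_of(chain[0]), host_of(chain[-1])
        if is_trusted(first) and not is_trusted(last):
            findings.append({"url": url, "final_host": last, "hops": len(chain) - 1})
    return findings
```

The same logic applies to any tracking or shortener domain a gateway trusts: judge the landing host, not the first hop.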

The anonymous attackers don't appear to be targeting anyone in particular, Cofense says: "Although the financial and manufacturing sectors have higher volumes, it can be concluded that this campaign was not a direct attack on any company or sector, but a generalized attack to collect as many credentials as possible by using LinkedIn company accounts and Smart Links to launch the attack."

This is not the first time that LinkedIn services have been abused for illicit purposes. In fact, just this summer we had already reported cases of this type.
