New phishing campaign using hijacked LinkedIn accounts

hijacked LinkedIn accounts

Researchers warning of a new phishing campaign using hijacked LinkedIn accounts to send malicious links in private messages and InMail.

LinkedIn’s data breach of 117 million users and then its sale on the dark web has helped malicious elements compromise websites and other social media accounts using leaked credentials.

Jérôme Segura, lead malware intelligence analyst at Malwarebytes, reveal that the fraudulent messages sometimes come from hacked Premium accounts. The fraudulent message includes a reference to a shared document and a link that redirects to a phishing site for Gmail and other email providers which require potential victims to log in.

Those who proceed will have their username, password, and phone number stolen but won’t realize they were duped right away. Indeed, this phishing scam ends on a tricky note with a decoy document on wealth management from Wells Fargo.

LinkedIn announces Audience Network for marketers to expand sponsored content to third-party services

phishing messages

The phishing messages in question abuse link shortening service ow.ly and free hosting provider gdk.mx to redirect to the phishing page. Which host on a hacked website. Malwarebytes has also spotted attackers abusing LinkedIn’s trusted InMail service to send the same link.



Also, includes a custom security footer to add authenticity to the scam. While, the delivery mechanism can trust in this case, the content most definitely cannot.

InMail can only send from Premium accounts, meaning the phishers have compromised one of these to help their campaign.

Seattle is the fastest growing market for software engineers, says LinkedIn

“We don’t know how many LinkedIn accounts compromised in this campaign,” wrote Segura. “It’s also unclear whether the shortened URLs unique per hacked account or not, although we think they might be.

This is not the first time when cybercriminals have used LinkedIn for phishing attacks. In November 2016, a scam used Dropbox as bait to not only steal LinkedIn login credentials but also aimed at financial details, driving license and passport copy for identity theft.

LinkedIn and other Internet users  advised not to open messages or emails from an unknown sender.

More information: [Malwarebytes]