Cybercriminals are always looking for clever ways to trick users into giving up their card details and other credentials. In this case, a group has been targeting users from Slovakia who use LinkedIn’s Smart Link feature, so that they trust emails with this kind of attachment. Learn all the details in the following lines.
LinkedIn’s Smart Link has become cybercriminals’ new tool
LinkedIn is the most important and used social network for professionals in the world. On this platform, anyone can create a purely professional community where they can find their dream job. Over the years since their release, they have grown a lot to encompass various services and interesting features, all aimed at professionals in any area.
One of these features is called Smart Link, which is used by LinkedIn Sales Navigator and Enterprise Users, as it allows users to send a link within emails containing a package of up to 15 documents. This same link can be tracked and obtain metrics that give important information for Marketing and sales departments. This way, the campaigns that are being carried out are optimized.
And it is precisely this that caught the attention of cybercriminals, added to the fact that with this type of link, they can overcome the security controls that the different email services have. Besides having metrics, it helps them to know if the phishing campaign obtains the desired results.
Cofense was the first firm to realize this new method, which for now has been used only in Slovakia, but they do not doubt that it will soon be able to expand to the rest of the world. This is how LinkedIn’s Smart Links are used:
- It all starts with an email sent by Slovenská pošta, the state-owned postal service provider in Slovakia, informing the recipient of the need to cover costs for a parcel with pending shipment.
- Although the matter seems very real and urgent, when looking at the address used, it is very clear that it is a hoax, as it is not part of the Slovakian postal service.
- The button that appears with the LinkedIn’s Smart Link link should take you to confirm the subject. But, in reality, the link ends with a series of alphanumeric characters that obviously redirect to a phishing page.
- The payment that appears on this page is very reasonable, so users do not distrust it, but cybercriminals are not looking for money; instead, they want the card data that the users will give. When the payment is accepted, they are informed of an SMS confirming it, but it is only to give the process more legitimacy.
LinkedIn was contacted by Bleeping Computer to give their part about this new method with Smart Links, and their response was as follows:
“Our internal teams work to take action against those who attempt to harm LinkedIn members through phishing.
We encourage members to report suspicious messages and help them learn more about what they can do to protect themselves, including turning on two-step verification.
To learn more about how members can identify phishing messages, see our Help Center.”
Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Photo by Alexander Shatov on Unsplash.
Facebook: Eagle Tech Corp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp