Hackers are once again abusing LinkedIn's Smart Links in phishing campaigns that slip past email security controls and target Microsoft account credentials.
Smart Links, a feature of LinkedIn's Sales Navigator service, let business accounts create trackable links for marketing and engagement tracking. Because each link is hosted on LinkedIn's own domain and redirects to a destination chosen by the account holder, the address looks trustworthy, and URL-reputation checks in email protection systems see linkedin.com rather than the phishing site behind it. This abuse of Smart Links has been observed before, most recently in a late 2022 campaign that targeted Slovakian users with counterfeit postal service lures.
Cybersecurity firm Cofense identified a new wave of Smart Link attacks: more than 800 emails sent between July and August 2023 that led a broad set of targets to phishing pages through 80 distinct Smart Links, created from either newly registered or compromised LinkedIn business accounts. Victims spanned finance, manufacturing, energy, construction, and healthcare.
Cofense notes that although finance and manufacturing saw the highest volume, the campaign looks like a blanket operation aimed at collecting as many credentials as possible. The phishing pages mimic a standard Microsoft login portal and pre-fill the target's email address, which is carried along with the Smart Link, so the page appears to already know the victim. For defenders that pre-filled address is itself an indicator: a login page reached from an unsolicited link that already knows who you are means the link carried your identity to a site you did not choose.
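As an added illustration, not code from the article or from Cofense, the following Python routine shows the triage a mail-security team could run on an inbound message: pull out URLs, flag LinkedIn Smart Link redirectors, follow the redirect chain to the landing page, and check whether the landing URL carries the recipient's address (plain, percent-encoded, or base64), which is what lets a lookalike login page pre-fill the username field. It assumes the `https://www.linkedin.com/slink?code=<id>` redirector shape, and the email body, recipient, and redirect map are constructed here so the example runs offline without touching any live site.

```python
import base64
import re
from urllib.parse import parse_qs, quote, unquote, urlparse

# Constructed recipient and message body; neither comes from the reported campaign.
RECIPIENT = "jane.doe@corp.example"

SAMPLE_EMAIL_BODY = """Subject: Action required: your document is waiting
Please review the shared file here:
https://www.linkedin.com/slink?code=AbCd12
Unsubscribe: https://newsletter.example/unsub?id=42
"""

# Constructed stand-in for the live redirector so the example runs offline.
# The landing URL carries the recipient's address base64-encoded in a parameter,
# which is how a lookalike login page can pre-fill the username field.
CONSTRUCTED_REDIRECTS = {
    "https://www.linkedin.com/slink?code=AbCd12":
        "https://login-lookalike.example/auth?u="
        + base64.b64encode(RECIPIENT.encode()).decode(),
}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def extract_urls(text):
    """Return the http(s) URLs in a message body, trailing punctuation stripped."""
    return [u.rstrip(".,;:)") for u in URL_RE.findall(text)]


def is_smart_link(url):
    """Match LinkedIn Smart Link redirectors.

    Assumption: the https://www.linkedin.com/slink?code=<id> shape. The host check
    is exact-or-subdomain so linkedin.com.evil.example does not match.
    """
    p = urlparse(url)
    host = p.netloc.lower()
    on_linkedin = host == "linkedin.com" or host.endswith(".linkedin.com")
    return on_linkedin and p.path == "/slink" and "code" in parse_qs(p.query)


def resolve_chain(url, redirects, max_hops=5):
    """Follow the redirect map and return every hop, first to last, capped at max_hops."""
    chain = [url]
    while chain[-1] in redirects and len(chain) <= max_hops:
        chain.append(redirects[chain[-1]])
    return chain


def recipient_encodings(email):
    """Forms of the address a phishing kit might embed to pre-fill the login form."""
    raw = email.encode()
    forms = {email, quote(email, safe="")}
    for enc in (base64.b64encode, base64.urlsafe_b64encode):
        s = enc(raw).decode()
        forms.update({s, s.rstrip("=")})
    return forms


def email_carried_in_url(url, recipient):
    """True if the recipient's address appears in the query string or fragment,
    in plain, percent-encoded, or base64 form."""
    p = urlparse(url)
    haystack = " ".join([p.query, p.fragment, unquote(p.query), unquote(p.fragment)])
    return any(form in haystack for form in recipient_encodings(recipient))


def triage(body, recipient, redirects):
    """Report each Smart Link in the message, where it lands, and whether the
    landing URL carries the recipient's identity."""
    findings = []
    for url in extract_urls(body):
        if not is_smart_link(url):
            continue
        chain = resolve_chain(url, redirects)
        final = chain[-1]
        findings.append({
            "smart_link": url,
            "landing": final,
            "landing_host": urlparse(final).netloc.lower(),
            "hops": len(chain) - 1,
            "prefills_recipient": email_carried_in_url(final, recipient),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EMAIL_BODY, RECIPIENT, CONSTRUCTED_REDIRECTS):
        print(f)
```

In production the redirect map would be replaced by a sandboxed HEAD/GET that follows `Location` headers without executing page content, and a hit on `prefills_recipient` for a landing host outside the organization's identity provider is a strong reason to quarantine the message rather than merely score it.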