"Phishers Tricking Users Via Fake LinkedIn Private Shared Document"

Security researchers have discovered that phishers are trying to trick LinkedIn users into opening a “LinkedIn Private Shared Document” and entering their login credentials into a fake LinkedIn login page. The phishing message is delivered via LinkedIn’s internal messaging system and is made to look as if it was sent by one of the victim’s contacts. The message urges the recipient to follow a third-party link to view a document. The researchers stated that there is no such thing as a ‘LinkedIn Private Shared Document’, so seeing one should set off the target’s alarm bells.

If the victim clicks the third-party link, they are redirected to a convincingly spoofed LinkedIn login page. If they enter their login credentials, their account will probably soon be sending phishing messages to their own contacts. The researchers believe the adversaries may be indiscriminate in whom they target, but compromising high-value accounts would allow them to reach a larger number of LinkedIn contacts more successfully, or to pivot into stealing even more critical credentials (e.g., for Microsoft/Office 365 accounts).

The phishing pages are hosted on platforms that may also serve legitimate work purposes, e.g., Appspot, Firebase, and Pantheon.io, making it unlikely that enterprises would block access to them. The researchers stated that the phishing sites sit behind major ASNs, including Fastly, Google, and Microsoft, so basic network traffic analysis is of little use to the end-user either. To prevent this type of attack from affecting organizations, the researchers suggest training employees to spot this and similar attacks. Another option is for an organization to consider blocking the use of social media/networks from work computers.
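The report's detection difficulty comes down to one mismatch: a link that is presented as a LinkedIn document but resolves to a host on a general-purpose hosting platform. The following is an added example (not code from Help Net Security or the researchers) of a mail- or chat-gateway check that flags exactly that mismatch. The hosting-platform suffixes (`appspot.com`, `firebaseapp.com`, `web.app`, `pantheonsite.io`) and the sample message are assumptions constructed for the example; a real deployment would maintain these lists from the providers' published domains and from the brand's own domain list.

```python
import re
from urllib.parse import urlparse

# Domains that legitimately host LinkedIn content. Assumption for this example:
# in production this list comes from the brand's published domains.
LINKEDIN_DOMAINS = ("linkedin.com",)

# General-purpose hosting platforms named in the report as hosting the lure
# pages. The exact suffixes are assumptions; verify against each provider.
SHARED_HOSTING_SUFFIXES = (
    "appspot.com",      # Google App Engine
    "firebaseapp.com",  # Firebase Hosting
    "web.app",          # Firebase Hosting
    "pantheonsite.io",  # Pantheon
)

# Strings in a host or path that signal the page is posing as LinkedIn.
BRAND_KEYWORDS = ("linkedin", "linked-in")

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _host_matches(host, suffixes):
    # Exact match or a real subdomain. Checking the suffix with a leading dot
    # means "linkedin.com.evil.example" does NOT match "linkedin.com".
    return any(host == s or host.endswith("." + s) for s in suffixes)


def assess_link(url):
    """Classify one URL that a message presents as a LinkedIn document.

    Returns (verdict, reason). Verdicts: allow, block, review, reject.
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()   # hostname drops userinfo/port
    if not host:
        return ("reject", "no host in URL")
    if _host_matches(host, LINKEDIN_DOMAINS):
        return ("allow", "host belongs to linkedin.com")

    haystack = host + parsed.path.lower()
    brand_hint = any(k in haystack for k in BRAND_KEYWORDS)
    on_shared_hosting = _host_matches(host, SHARED_HOSTING_SUFFIXES)

    if brand_hint and on_shared_hosting:
        return ("block", "LinkedIn branding on a third-party hosting platform")
    if brand_hint:
        return ("review", "LinkedIn branding on a non-LinkedIn host")
    if on_shared_hosting:
        return ("review", "third-party hosting platform, no LinkedIn branding")
    return ("review", "external link presented as a LinkedIn document")


def scan_message(text):
    """Extract every URL from a message body and assess each one."""
    return [(url,) + assess_link(url) for url in URL_RE.findall(text)]


if __name__ == "__main__":
    # Constructed sample lure, modelled on the report's description.
    sample = (
        "Hi, I shared a LinkedIn Private Shared Document with you: "
        "https://linkedin-shared-docs.appspot.com/view/login "
        "(backup copy: https://www.linkedin.com/in/some-contact)"
    )
    for url, verdict, reason in scan_message(sample):
        print(f"{verdict:6} {url}  <- {reason}")
```

The check deliberately keys on the brand/host mismatch rather than on the hosting platform alone, since the report's point is that these platforms and their ASNs have legitimate business use and cannot simply be blocked; a hit therefore goes to a block or review queue, not to a network-level deny list.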

Help Net Security reports: "Phishers Tricking Users Via Fake LinkedIn Private Shared Document"

Submitted by Anonymous on