"Threat Actor Abuses LinkedIn's Smart Links Feature to Harvest Credit Cards"

A malicious campaign aimed at Internet users in Slovakia is another example of how phishing operators often use legitimate services and brands to bypass security controls. Threat actors have been using a LinkedIn Premium feature called Smart Links to direct users to a phishing page designed to steal credit card information. LinkedIn's Smart Links is a marketing feature that allows Premium service subscribers to direct others to content that the sender wants them to see.

Since the link embedded in the phishing email appears to be from the Slovakian Postal Service and is a valid LinkedIn URL, Secure Email Gateways (SEGs) and other filters are unlikely to block it. The email also requests that the recipient pay a small fee for a package said to be on its way to them. Users who click on the link are taken to a page appearing to be the one used by the postal service to collect online payments. Instead of just paying for the alleged package shipment, users end up giving the phishing operators their payment card information.

This is not the first time threat actors have used LinkedIn's Smart Links feature in a phishing campaign. According to Brad Haas, senior intelligence analyst at Cofense, this is one of the few instances where emails containing doctored LinkedIn Smart Links have reached user inboxes. The phishing protection services provider is currently tracking the ongoing Slovakian campaign and recently issued a report on its preliminary analysis of the threat.

One reason phishing remains one of the primary initial access vectors is attackers' increasing use of legitimate Software-as-a-Service (SaaS) and cloud offerings such as LinkedIn, Google Cloud, AWS, and others to host malicious content or direct users to it. This article continues to discuss the abuse of LinkedIn's Smart Links feature to steal credit card information.

Dark Reading reports "Threat Actor Abuses LinkedIn's Smart Links Feature to Harvest Credit Cards"
