These actors are doing this to get over users’ email security. Similarly, they are now able to redirect users to various phishing ages that end up stealing details related to payments.
In case you didn’t know, the Smart Link functionality of LinkedIn is designed for specific users of Sales Navigator and even Enterprise. They would enable a stack of around 15 documents to be sent out via a single link that could be tracked.
Meanwhile, in addition to being extremely versatile, they give people related to marketing the chance to gain better insights on analytics and produce reports about what’s being viewed and any shared content on the app and how long it can be viewed for.
So as you can see, these phishing actors aren’t just abusing the feature to bypass protections for your email. But they can also end up gaining more insight into the effectiveness of different campaigns and then optimizing any of their interests.
This particular trend of the feature could end up being spotted by some analysts located at Cofense. They’ve observed campaigns that target various people hailing from Slovakia by portraying themselves as postal servicemen.
These types of phishing emails are sent out to different targets and inform them about bogus needs like covering up costs linked to a parcel so it can be shipped on time.
Then, they use tricks like email header mimics so it looks totally real to any recipient. But if you really examine things better, it just becomes totally clear what the sender is trying to do and how he’s unrelated to any postal company or service provider.
Meanwhile, confirm buttons embedded onto screens have a special Smart Link URL attached, entailing some numerics and letters toward the end. This is done to redirect users to any phishing page.
This particular redirection functionality is located in Smart Links and can be used to market various ads and pages. However, threat actors are now using it for the wrong purpose and bypassing security checks.
For now, the costs for landings pages outlined are not high and so it makes the whole trap so much more believable at around 3 Euros. See, the goal is surely not money but to get a hold of sensitive details like credit card numbers, user names, and also the expiration date with CVV.
When a visitor falls into the trap, they add details and then press on submit. They get informed about how the payment has been done successfully and then redirected to any final code for SMS on the confirmation page. See, the sole purpose is to add legitimacy along the way so it’s more believable.
For now, the campaign might be attacking those of Slovakian origin but it does not take time to spread to other areas. We do know about how tech experts have reached out to LinkedIn to discuss the serious matter and how it plans on issuing safeguards to stop the abuse.
Read next: Annual Cyber Attacks Targeting US Businesses Rise to 42