Cybersecurity firm Push Security reports a new LinkedIn phishing scam targeting high-level professionals.
Unlike traditional phishing, attackers are now sending messages directly on LinkedIn instead of email.
Finance leaders and executives are primary targets due to their access to sensitive company accounts and data.
Scam Appears Highly Professional
The scam message mimics a legitimate LinkedIn profile, making it appear trustworthy.
Victims are invited to join the Executive Board of a supposed “Commonwealth” investment fund.
The language used is formal and exciting, designed to create a sense of prestige and career opportunity.
Fake Job Links and Redirects
Messages contain links to documents or proposals that the victim is asked to review.
Clicking the link triggers a series of redirects:
First, a Google Search link.
Then, a website controlled by the attacker.
Finally, a page hosted on firebasestorage.googleapis[.]com.
The final page appears normal, but asks for Microsoft login credentials.
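As an added example (not from Push Security or the original article), this sketch flags the redirect sequence described above in web proxy records: a Google link, then at least one other site, then firebasestorage.googleapis.com. The record layout, the 30-second window and the sample events are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

SEARCH_SUFFIX = "google.com"                   # first hop named in the article
FINAL_HOST = "firebasestorage.googleapis.com"  # last hop named in the article
GAP_SECONDS = 30  # assumption: longest pause between hops of one chain

def host(url):
    return (urlsplit(url).hostname or "").lower()

def is_google(h):
    return h == SEARCH_SUFFIX or h.endswith("." + SEARCH_SUFFIX)

def find_chains(events):
    """events: (epoch_seconds, user, url) tuples in any order (assumed layout).
    Returns (user, [urls]) for each Google -> other site(s) -> Firebase chain."""
    by_user = {}
    for ts, user, url in sorted(events):
        by_user.setdefault(user, []).append((ts, url))
    hits = []
    for user, reqs in by_user.items():
        chain, last_ts = [], None
        for ts, url in reqs:
            if last_ts is not None and ts - last_ts > GAP_SECONDS:
                chain = []                      # too slow to be one redirect chain
            last_ts = ts
            if is_google(host(url)):
                chain = [url]                   # a Google link (re)starts a chain
            elif chain:
                chain.append(url)
                if host(url) == FINAL_HOST:
                    if len(chain) >= 3:         # needs a hop between the two
                        hits.append((user, chain))
                    chain = []
    return hits

# Constructed sample records, not taken from a real incident.
SAMPLE = [
    (1000, "cfo", "https://www.google.com/url?q=https://redirector.example/doc"),
    (1001, "cfo", "https://redirector.example/doc"),
    (1003, "cfo", "https://firebasestorage.googleapis.com/v0/b/bucket.example/o/login.html"),
    (2000, "dev", "https://www.google.com/search?q=firebase+storage+docs"),
    (2400, "dev", "https://firebasestorage.googleapis.com/v0/b/app.example/o/logo.png"),
    (3000, "ops", "https://intranet.example/wiki"),
    (3001, "ops", "https://firebasestorage.googleapis.com/v0/b/app.example/o/a.png"),
]

if __name__ == "__main__":
    for user, chain in find_chains(SAMPLE):
        print(user, " -> ".join(host(u) for u in chain))
```

A hit is a lead for review, not proof of phishing, since legitimate apps also serve files from Firebase Storage.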
Microsoft Login Page Is Fake
The page is a convincing replica of the real Microsoft sign-in page.
Entering credentials gives attackers full access to the victim’s Microsoft account.
CAPTCHA and other tools are used to evade detection by security systems, making the scam harder to block.
Risks of Stolen Microsoft Accounts
Attackers can access emails, files, business tools, and other company apps linked through single sign-on.
This can lead to broader corporate security breaches, data leaks, or financial risks.
Safety Recommendations
Be cautious of job offers or links received through LinkedIn, even from seemingly legitimate profiles.
Verify the source of any job invitation before clicking links or entering credentials.
Organizations should educate employees on phishing tactics beyond email, including professional networking platforms.