LinkedIn Smart Link utilised for phishing attack distribution

September 28, 2022

LinkedIn Smart Link is currently being exploited by phishing operators, who aim to evade the security features of a targeted system and redirect victims to phishing pages that could steal payment information.

Researchers explained that Smart Link is a functionality reserved for LinkedIn Sales Navigator and Enterprise users. The feature lets these users distribute a pack of approximately 15 documents using one trackable link.

In addition, Smart Link gives marketing staff analytics that report who viewed the shared content and for how long.

The phishing actors were therefore drawn to the Smart Link feature, since it could bypass security protections while giving them insight into their campaigns’ efficiency. That insight allows them to devise lures for more successful phishing attacks.

Users from Slovenia were the first known victims of the exploited LinkedIn Smart Link.

Researchers discovered the new phishing method, which abuses LinkedIn Smart Link, in a campaign targeting different individuals from Slovakia. The phishing operators allegedly used bogus postal service lures to bait their Slovakian victims.

Based on reports, the phishing email sent to the targets purported to originate from Slovakia’s state-owned postal service provider. The email notified recipients of a cost they needed to cover for a parcel pending shipment.

The researchers noticed that the address seemed legitimate but relied on email header trickery. The actual sender of the phishing email is “sis[.]sk@augenlabs[.]com,” which is not related to the Slovakian postal service provider.

Moreover, the email includes a confirm button that carries the Smart Link URL, with alphanumeric variables added as a suffix, to redirect a target to a phishing page. The redirection functionality in Smart Links is commonly used for promoting ads and marketing pages. However, the threat actors exploit it to bypass security checks.
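The two signals described above (a sender address unrelated to the brand named in the display name, and a Smart Link used as the redirector) can be combined into a simple mail triage check. The following is an added example, not code from the researchers or from LinkedIn; the sample message, the brand-to-domain map, and the assumed Smart Link form `linkedin.com/slink?code=<token>` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse, parse_qs

# Assumption: brand keyword -> domains that brand legitimately sends from.
BRAND_DOMAINS = {"posta": {"posta.example"}}

# Constructed sample message; every name and domain is a placeholder.
SAMPLE = (
    'From: "Posta Example" <notice@mailer.example>\n'
    "Subject: Parcel pending shipment\n"
    "Content-Type: text/html\n\n"
    '<a href="https://www.linkedin.com/slink?code=AbC123xy">Confirm</a>\n'
    '<a href="https://linkedin.com.tracker.example/slink?code=zz">Help</a>\n'
)

def domain_in(host, base):
    """True only if host is base or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == base or host.endswith("." + base)

def sender_mismatch(msg):
    """Display name claims a known brand, but the address domain is not the brand's."""
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        claimed = brand in display.lower()
        if claimed and not any(domain_in(sender_domain, d) for d in domains):
            return True
    return False

def smart_links(body):
    """Return URLs matching the assumed Smart Link form on a genuine linkedin.com host."""
    found = []
    for url in re.findall(r'https?://[^\s"\'<>]+', body):
        u = urlparse(url)
        if (domain_in(u.hostname, "linkedin.com")
                and u.path.rstrip("/") == "/slink"
                and parse_qs(u.query).get("code")):
            found.append(url)
    return found

def triage(raw):
    msg = message_from_string(raw)
    links = smart_links(msg.get_payload())
    mismatch = sender_mismatch(msg)
    return {"sender_mismatch": mismatch, "smart_links": links,
            "suspicious": mismatch and bool(links)}
```

A Smart Link on its own is normal marketing traffic, so the check only escalates when it appears together with the sender mismatch.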

The shipment cost shown on the phishing page is low, since the threat actors set the price at $2.99. The low price is deliberate: the threat actors are not after the payment itself; instead, they want to steal the victim’s payment information, such as credit card details, the holder’s name, CVV and validity of the credit card.

Cybersecurity experts believe the attack against Slovakians is just the start of a broader scope of attacks, since these threat actors could target different entities from different countries worldwide.
