Phishing remains one of the most significant threats that individuals and companies face. With the pandemic leaving people on edge, cybercriminals are eager to raise the success rate of their phishing campaigns. Last year was a record year for phishing sites: a multinational technology company detected around 2.11 million phishing websites, a 25% increase over the 1.69 million recorded in 2019. As more activity moves online, both the number of sites phishers deploy and the number of victims keep growing, and the ongoing pandemic gives cybercriminals a perfect environment to capitalize on.
Recently, phishers have turned to the LinkedIn platform itself to harvest login credentials from unsuspecting victims.
LinkedIn is a platform for business and employment-oriented online services. It was launched in May 2003 to connect the world’s professionals and currently has around 740 million members, including small business owners, students, job seekers, professionals, and companies, in more than 200 countries.
The structure of the phishing attack
The phishing message circulates through LinkedIn’s own internal messaging system, so it arrives inside the platform rather than by email. It comes from one of the victim’s existing contacts, that is, from an account the victim has previously connected with and therefore trusts. The message urges the victim to view a document by opening a third-party link disguised as a “LinkedIn Private Shared Document.” Although the message looks legitimate, LinkedIn has no private shared document feature; the lure is fabricated. Once the victim clicks “VIEW DOCUMENT,” the link redirects to a fake LinkedIn login page that serves as the bait for capturing the account credentials.
The fraudulent page copies the layout and text of LinkedIn’s official login page.
Once the victim enters their login credentials, the attacker takes over the account and uses it to send the same phishing message to the victim’s contacts, so each compromised account becomes the trusted sender for the next round. The threat actor also aims to steal other high-value credentials, such as Microsoft and Office 365 accounts, which many users reuse alongside their LinkedIn password.
The fraudulent pages are hosted on platforms that are used legitimately for work, such as Appspot, Firebase, and Pantheon.io. Because these platforms are routinely allowed through enterprise web filtering, domain reputation alone will not block the lure; the suspicious part is a LinkedIn login page served from a hostname that is not linkedin.com. Owners of the accounts used to send the phishing messages should be notified immediately that their accounts are compromised, should change their passwords, and should also review and terminate active sessions so the attacker’s existing login is revoked along with the old password.
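As an added example (not code from the original article or from LinkedIn), the following Python sketch flags messages that fit the pattern just described: a link whose hostname is not linkedin.com but carries the LinkedIn name or sits on one of the app-hosting platforms named above, reinforced by the “private shared document” lure wording. The message bodies and hostnames are constructed for illustration, and the hosting-platform domain suffixes are assumptions based on those platforms’ public app domains, not indicators taken from the article.

```python
"""Flag LinkedIn-themed "shared document" lures of the kind described above.

Added example, not code from the original article. Sample messages and
hostnames are constructed; the hosting suffixes are assumed to be the public
app domains of the platforms the article names (Appspot, Firebase, Pantheon).
"""
import re
from urllib.parse import urlparse

# Developer/app hosting platforms the article says the fake login pages sat on.
# Assumption: these are the platforms' public app-hosting domain suffixes.
ABUSED_HOSTING_SUFFIXES = (
    ".appspot.com",
    ".firebaseapp.com",
    ".web.app",
    ".pantheonsite.io",
)

# Domains LinkedIn itself serves from; a LinkedIn login anywhere else is suspect.
LINKEDIN_DOMAINS = ("linkedin.com", "licdn.com")

# Lure wording from the campaign; LinkedIn has no "Private Shared Document" feature.
LURE_PHRASES = ("private shared document", "view document")

URL_RE = re.compile(r"""https?://[^\s<>"')]+""", re.IGNORECASE)


def is_linkedin_domain(host):
    """True for linkedin.com, licdn.com and their subdomains only."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LINKEDIN_DOMAINS)


def is_abused_hosting(host):
    """True if the host sits on one of the app-hosting platforms listed above."""
    host = host.lower().rstrip(".")
    return any(host.endswith(s) for s in ABUSED_HOSTING_SUFFIXES)


def analyze_message(text):
    """Return [(url, reasons)] for links in `text` that match the lure pattern.

    A link is only reported on a URL-level signal (brand name in a foreign
    hostname, or app-platform hosting); lure wording is added as a supporting
    reason so a benign external link in a chatty message is not flagged alone.
    """
    lowered = text.lower()
    lure_hit = any(p in lowered for p in LURE_PHRASES)
    findings = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        if is_linkedin_domain(host):
            continue  # first-party LinkedIn link, not this campaign's pattern
        reasons = []
        if "linkedin" in host.lower():
            reasons.append("LinkedIn brand name in a non-LinkedIn hostname")
        if is_abused_hosting(host):
            reasons.append("hosted on a developer app platform, not linkedin.com")
        if reasons and lure_hit:
            reasons.append("message uses 'shared document' lure wording")
        if reasons:
            findings.append((url, reasons))
    return findings


# Constructed sample messages (not real captures from the campaign).
SAMPLE_PHISH = (
    "Hi, I shared a LinkedIn Private Shared Document with you. "
    "Click VIEW DOCUMENT: https://linkedin-share-doc.appspot.com/view?id=4471"
)
SAMPLE_BENIGN = (
    "Here is the article I mentioned: https://www.linkedin.com/pulse/some-post "
    "and our deck: https://example.com/deck.pdf"
)

if __name__ == "__main__":
    for label, msg in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(label, analyze_message(msg))
```

The check deliberately ignores the visible link text and works on the destination hostname, since the whole trick is that the lure text says “LinkedIn” while the page is served from somewhere else; the same logic can be pointed at a mail gateway or a chat-export feed as long as the URLs are available in clear text.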
Cybercriminals keep exploring new avenues for deploying phishing attacks successfully. The phisher’s immediate goal is to convince the user that a website, email, or file is legitimate by masquerading as a trusted company or person; the end goal is to get the user to hand over account credentials and other confidential information. Companies can reduce the risk with security tools, but educating users to recognize lures like this one, in particular a login prompt that appears after clicking a “shared document” link, remains vital to keeping them from becoming victims.