Researchers are warning of a new phishing campaign using hijacked LinkedIn accounts to send malicious links in private messages and InMail.
Jérôme Segura, lead malware intelligence analyst at Malwarebytes, made the discovery, revealing that the fraudulent messages sometimes come from hacked Premium accounts.
“The fraudulent message includes a reference to a shared document and a link that redirects to a phishing site for Gmail and other email providers which require potential victims to log in,” he explained.
“Those who proceed will have their username, password, and phone number stolen but won’t realize they were duped right away. Indeed, this phishing scam ends on a tricky note with a decoy document on wealth management from Wells Fargo.”
The phishing messages in question abuse link shortening service ow.ly and free hosting provider gdk.mx to redirect to the phishing page, which is hosted on a hacked website, Segura added.
Malwarebytes has also spotted attackers abusing LinkedIn’s trusted InMail service to send the same link.
The InMail message even includes a custom security footer to add authenticity to the scam. Segura warned that while the delivery mechanism can be trusted in this case, the content most definitely cannot.
“The same can be said for phishing pages that use HTTPS – which is the case here – making content delivery secure but the content itself fraudulent,” he added.