LinkedIn Phishing Scams Use Fake Account Notifications
Fake Notification Phish Campaign Steals Credentials, Hijacks Professional Accounts
A sophisticated phishing campaign has been identified, utilizing fake notifications to deceive even the most cautious professionals. Researchers from the Cofense Phishing Defense Center (PDC) have shed light on the tactics employed by attackers to steal login credentials and sensitive professional data.
The Phishing Scheme
- The phishing scheme begins with an email that mimics a standard alert from a reputable firm.
- The message creates a sense of urgency, informing recipients of a potential business opportunity.
- The email appears legitimate because it closely resembles a genuine notification, using the same fonts, logos, and colors recipients see daily.
According to researchers, “The attackers targeted individuals with ties to China or those dealing with Chinese business partners, as the initial messages were written in Chinese.”
The Attackers’ Tactics
- The emails originated from a domain called khanieteam.com, which was only a few days old when it was first spotted in March 2026.
- Upon further investigation, it became apparent that the attackers had set up a series of internet addresses, including 104.21.80.1, to facilitate the phishing campaign.
- These addresses were used to create a login page that resembled a legitimate interface, complete with a URL that visually matched a common brand name.
According to Enrico Silverio from the Cofense PDC, “the scam exploits human curiosity and trust, making it particularly effective.”
Security Experts’ Advice
- Security experts advise verifying the sender’s address and hovering over links to ensure their authenticity before clicking on anything.
- If a message seems too good to be true, it likely is.
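The two checks advised above (sender address and real link target) can be automated at the mail gateway or in a triage script. The following is an added example, not code from Cofense or the original report. It assumes the impersonated brand is LinkedIn (from the headline) with linkedin.com as its only trusted domain; the sample message and its link host are constructed placeholders, and only the sender domain comes from the article.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

BRAND = "linkedin"          # assumption: brand named in the headline
TRUSTED = {"linkedin.com"}  # assumption: domains the brand really sends from

# Constructed sample: the link host is a placeholder, not an indicator from the report.
SAMPLE = """\
From: LinkedIn Notifications <alerts@khanieteam.com>
To: user@corp.example
Subject: New business opportunity
Content-Type: text/html

<a href="https://linkedin.com.login-check.example/session">View message</a>
<a href="https://www.linkedin.com/help">Help</a>
"""

def registrable(host):
    """Approximate the registrable domain as the last two labels.
    Production code should use the Public Suffix List (e.g. for co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(raw):
    """Return (finding, value) tuples for a raw single-part HTML message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg["From"])
    findings = []
    # Check 1: display name claims the brand, but the address domain is not the brand's.
    sender_dom = registrable(addr.rpartition("@")[2])
    if BRAND in display.lower() and sender_dom not in TRUSTED:
        findings.append(("sender_mismatch", sender_dom))
    # Check 2: the "hover" test. The brand string appears in the link host,
    # but the registrable domain belongs to someone else.
    for url in re.findall(r'href="([^"]+)"', msg.get_payload()):
        host = urlsplit(url).hostname or ""
        if BRAND in host and registrable(host) not in TRUSTED:
            findings.append(("lookalike_link", host))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The second link in the sample points at the real brand domain and is not flagged, which is why the comparison is made on the registrable domain rather than on a substring match alone.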
