On LinkedIn, Fake Investment Scams Steal Corporate Login Data
“LinkedIn is being targeted with fake investment scams, and in the cover of that, a huge chunk of corporate login data is getting stolen.”
Attackers obtain Microsoft credentials from high-value professionals by combining sophisticated spoofing techniques with phony investment offers.
A Novel Type of Social Engineering
On LinkedIn, a new phishing campaign has emerged that targets senior finance executives with what seem to be high-value, exclusive invitations. The technique, which was discovered by cybersecurity company Push Security, represents a change in the way attackers target confidential company information, switching from email-based phishing to social media sites that appear legitimate.
Pretending to be representatives of a “Commonwealth investment fund in South America,” the attackers approach their targets with an alluring offer to join an executive board in collaboration with a fictional venture capital firm.

Written in professional corporate language, the message entices recipients with what looks like a career milestone but in fact leads into a sophisticated online fraud scheme.
The Structure of an Attack on LinkedIn
The trap is sprung when a victim clicks the link in the invitation. A sequence of redirects follows: through Google Search, then an attacker-controlled server, and finally a page hosted on firebasestorage.googleapis[.]com.
This final page, designed to look genuine, asks the user to sign in with Microsoft to view or download a document. After clicking, the victim is taken to a purpose-built adversary-in-the-middle (AiTM) phishing site, a near-exact replica of Microsoft’s login page.

By entering their credentials, the user unwittingly hands the attackers access: because the AiTM site relays the live sign-in session, the attackers bypass multi-factor authentication and gain entry to company systems.
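As an added example, not from the article or from Push Security, the following Python sketch applies the two observable signals described above to a constructed web-proxy log: a hop through firebasestorage.googleapis.com followed shortly by a password POST to a host that is not a Microsoft sign-in endpoint. The log format, the Microsoft host allowlist, the time window and the placeholder attacker host are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Microsoft's legitimate sign-in hosts (assumed allowlist); a password POST to a
# Microsoft-branded page on any other host is the AiTM pattern the article describes.
MS_IDENTITY_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}
# Staging host named in the article's redirect chain.
STAGING_HOST = "firebasestorage.googleapis.com"
WINDOW = timedelta(minutes=10)  # assumed: staging hop and credential POST within 10 min

# Constructed proxy log: (user, timestamp, url, method, posts_password).
# "example-aitm-placeholder.test" stands in for the attacker host, which the
# article does not name; the timestamps and paths are made up.
SAMPLE_LOG = [
    ("alice", "2024-01-01T09:00:00", "https://www.linkedin.com/messaging/", "GET", False),
    ("alice", "2024-01-01T09:00:05", "https://www.google.com/search?q=placeholder", "GET", False),
    ("alice", "2024-01-01T09:00:06", "https://firebasestorage.googleapis.com/v0/b/placeholder/o/doc.html", "GET", False),
    ("alice", "2024-01-01T09:00:20", "https://example-aitm-placeholder.test/common/oauth2/login", "POST", True),
    ("bob", "2024-01-01T09:05:00", "https://firebasestorage.googleapis.com/v0/b/team/o/report.pdf", "GET", False),
    ("bob", "2024-01-01T09:06:00", "https://login.microsoftonline.com/common/login", "POST", True),
]


def find_aitm_chains(events, window=WINDOW):
    """Return (user, staging_url, credential_url) for every password POST to a
    non-Microsoft host that follows a Firebase Storage hop by the same user within `window`."""
    by_user = defaultdict(list)
    for user, ts, url, method, posts_password in events:
        by_user[user].append((datetime.fromisoformat(ts), url, method, posts_password))
    hits = []
    for user, rows in by_user.items():
        rows.sort()  # chronological order per user
        last_staging = None
        for ts, url, method, posts_password in rows:
            host = urlparse(url).hostname or ""
            if host == STAGING_HOST:
                last_staging = (ts, url)
            elif method == "POST" and posts_password and host not in MS_IDENTITY_HOSTS:
                if last_staging and ts - last_staging[0] <= window:
                    hits.append((user, last_staging[1], url))
    return hits


if __name__ == "__main__":
    for user, staging, cred in find_aitm_chains(SAMPLE_LOG):
        print(f"{user}: credentials posted to {urlparse(cred).hostname} after visiting {staging}")
```

Bob's legitimate sign-in after a Firebase Storage download is not flagged, which is the point of checking the POST host rather than the staging hop alone.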
Changing Goals and Increasing Risks
According to Push Security, this campaign clearly shows how phishing techniques have evolved. As attackers use social platforms like LinkedIn instead of conventional email channels, the line between professional networking and cyber exploitation grows blurrier.
“The damage is not diminished just because the attack occurs over LinkedIn,” the firm warned.
“Even though it’s a ‘personal’ app, these corporate credentials are being targeted. Taking over a fundamental identity, such as a Google or Microsoft account, can have far-reaching effects, including endangering data in essential applications and any linked systems through single sign-on.”
Techniques for Evasion and Defense
The attackers’ infrastructure shows a high level of technical sophistication. According to Push Security, they deploy popular anti-bot technologies such as Cloudflare Turnstile and CAPTCHA not to protect users but to stop automated scanners and security tools from flagging their pages.
This makes it possible for phishing websites to stay online longer and avoid being discovered. Organizations must modify their defenses to incorporate social platforms into their threat monitoring strategies, according to the firm’s researchers.

As phishing moves from inboxes to newsfeeds, attention must now be paid to direct messages, job offers, and professional invitations that appear authentic but are actually digital traps, in addition to suspicious emails.
About The Author
Suraj Koli is a content specialist who writes about cybersecurity and information security, covering security concepts, current trends in cyber awareness, and ethical hacking.