Hacked LinkedIn Accounts Spreading Malicious Links via InMail


A new phishing campaign is targeting LinkedIn users, leveraging hacked accounts to send malicious links via the platform’s private messaging feature.

According to security researchers at Malwarebytes, the campaign abuses Premium membership accounts, which can message other LinkedIn users – regardless of whether they’re connected or not.

“The fraudulent message includes a reference to a shared document and a link that redirects to a phishing site for Gmail and other email providers that require potential victims to log in,” explained Jérôme Segura, lead malware intelligence analyst at Malwarebytes, in a blog post.

Users who fall for the bait ultimately hand over their username, password and phone number to malicious actors.

In the attack, the perpetrators abuse URL shorteners (ow.ly) and a free hosting provider (gdk.mx) to redirect unsuspecting victims to the phishing page, which is hosted on a hacked website.

The phishing page is designed to look like a Gmail login page, but will also ask for Yahoo or AOL usernames and passwords. When users attempt to log in to access the attachment, the page asks them to confirm their identity by providing a phone number.

Researchers have observed the phishing links being sent via instant message, in addition to LinkedIn’s InMail, which includes a “security footer.”

Source: Malwarebytes

“This kind of attack via social media is not new – we have seen hacked Skype or Facebook accounts send spam – but it reminds us of how much more difficult it is to block malicious activity when it comes from longstanding and trusted user accounts, not to mention work colleagues or relatives,” added Segura.

Users who suspect their LinkedIn account may have been compromised are advised to immediately review their account settings, change their password and enable two-step verification.
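
For defenders, the redirect chain described above (a shortener link that hands off to a free hosting provider) can be triaged in message bodies before anyone clicks. The following is an added example, not code from Malwarebytes or the original article; the function names and sample messages are constructed, and only the two hosts ow.ly and gdk.mx come from the article.

```python
import re
from urllib.parse import urlsplit

# Hosts named in the article; a real deployment would maintain longer lists.
SHORTENERS = {"ow.ly"}
FREE_HOSTING = {"gdk.mx"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def host_matches(host, domains):
    """True if host equals a listed domain or is a subdomain of one.

    Matching on the dotted suffix avoids false hits on look-alikes such as
    'notow.ly' or 'ow.ly.example.com'.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def triage_message(text):
    """Return (url, reason) findings for links found in a message body."""
    findings = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;")  # drop sentence punctuation glued to the link
        try:
            # .hostname ignores any 'user@' prefix, so 'ow.ly@other.host'
            # is judged by its real host, not by the decoy before the '@'.
            host = urlsplit(url).hostname or ""
        except ValueError:
            continue  # malformed URL (e.g. broken IPv6 literal)
        if host_matches(host, SHORTENERS):
            findings.append((url, "url-shortener"))
        elif host_matches(host, FREE_HOSTING):
            findings.append((url, "free-hosting"))
    return findings


# Constructed sample messages (not taken from the campaign).
SAMPLE_MESSAGES = [
    "I have just shared a document with you: http://ow.ly/EXAMPLE1.",
    "View it here https://files.gdk.mx/doc",
    "Our site is https://notow.ly/x and https://ow.ly.example.com/y",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(triage_message(msg))
```

A hit only means the link deserves a closer look, since shorteners and free hosting are widely used for legitimate content as well.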
