Phishing, Identity

Bogus LinkedIn message alerts enable credential siphoning

LinkedIn mobile icon app on screen smartphone iPhone closeup. LinkedIn is a social network for finding and establishing business contacts.

Malicious actors have been distributing fraudulent LinkedIn alert messages for potential job opportunities to facilitate credential exfiltration in a new phishing campaign, Cybernews reports.

Illiict Chinese-language emails resembling LinkedIn notifications detail a message from a purported headhunter from a reputable firm that deceives recipients into clicking a button to communicate with alleged recruiter, findings from a Cofense analysis showed. Doing so redirects victims to a fake LinkedIn page with the "inedin[.]digital" domain that seeks to pilfer their user credentials. Such a campaign indicates that escalating advancement and persistence of phishing tactics, according to Cofense Phishing Defense Center researcher Enrico Silverio.

"Remaining vigilant, verifying sources, and thinking twice before clicking are essential steps in defending ourselves against increasingly creative cyberattacks," Silverio added. The findings come months after Cofense researchers reported on the increasing prevalence of personalized phishing campaigns that integrated victims' home addresses and Google Maps screenshots into extortion emails.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds