LinkedIn Phishing

February 22, 2021

One of the news items in an upcoming DarkCyber talks about LinkedIn phishing exploits. I want to mention this method of hijacking or intruding into a system for two reasons. First, Microsoft has been explaining and reframing the SolarWinds’ security misstep for a couple of months. The Redmond giant has used explanations of the breach to market its Windows and Azure security systems. LinkedIn is a Microsoft property, and it seems as if Microsoft would clamp down on phishing attacks after it lost some of the source code to Exchange and a couple of other Microsoft crown jewels. Second, LinkedIn, like Microsoft Teams, is going through a featuritis phase. The service is making publishing, rich media, in-message links, and group functions more easily available. The goal is to increase the social network’s value and revenue, particularly among those seeking employment. There’s nothing like a malicious exploit that kills a job hunter’s computing to brighten one’s day.

The article “Phishers Tricking Users via Fake LinkedIn Private Shared Document” explains the exploit. The write-up says:

The phishing message is delivered via LinkedIn’s internal messaging system and looks like it has been sent by one of the victim’s contacts. The message urges the recipient to follow a third-party link to view a document.

If you want more details, check out the full Help Net Security post.

In the wake of SolarWinds, I think that Microsoft needs to button up its security. Less marketing and more substantive action seem to be appropriate. Microsoft will be the plumbing for the JEDI program. What vulnerabilities exist within this system? Hopefully none, but recent events and this LinkedIn phishing information suggest reality is insecure.

Stephen E Arnold, February 22, 2021

Comments

One Response to “LinkedIn Phishing”

  1. Zeeb on February 26th, 2021 4:29 pm

    I received an email that immediately looked like spam. In this email my sister supposedly added a message on my LinkedIn profile. As the mail was suspicious, I deleted it from my phone and reported spam. Then I moved to my laptop and entered the LinkedIn address from the keyboard directly in the URL bar. Attempting to log in, I realized that I did not have a password. I clicked on the forgot password, and I received a message telling me: with this email I cannot login. Then a shortened form appeared to me in which there was a place to enter an email account and button find to click. I entered the same email and after a while I received an email with a pin number to restore my password. I missed the fact that the first time I could not log in with this e-mail, and now I have a pin code in my e-mail box without any problems. I changed my password and logged in to the website. I saw my sister’s alleged entry, blocked the recipient and deleted the entry. I decided to establish a 2 factor authentication, updated the phone number, and logged out of the website hoping to log in with 2FA. Activation code for 2FA has not appeared.
    I logged in to the web with only a password, without any problems, despite the fact that I set up 2FA on the website. From that moment my doubts began to appear. I changed my phone number on LinkedIn to my second private one. And I sent a request for a code, this one came in a very strange form, each character of the message was preceded by an @. I deleted my account from my LinkedIn profile. I suspect that the website address was substituted from the beginning. It would mean that I have some malware installed on a MacBook Pro with Big Sur updated. Is it possible?
