cofense2022stg.wpengine.com
34.74.117.101
Public Scan
URL:
https://cofense2022stg.wpengine.com/blog/linkedin-smart-links-credential-phishing-campaign/
Submission: On October 12 via api from TR — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
RESURGENCE OF LINKEDIN SMART LINKS IDENTIFIED IN SIZABLE CREDENTIAL PHISHING CAMPAIGN

October 11, 2023

By: Nathaniel Raymond

In 2022, the Cofense Phishing Defense Center (PDC) detected phishing campaigns that used LinkedIn links called Smart Links, or “slink”, to bypass secure email gateways (SEGs) and deliver credential phishing, which was covered previously in the smart links LinkedIn blog. Smart Links are links used by a LinkedIn team or business account connected to LinkedIn Sales Navigator services to provide content and track engagement metrics. A year later, in late July into August, a resurgence of Smart Links was identified in a sizable credential phishing campaign targeting Microsoft Office credentials, creeping into inboxes once again.

While Smart Links in phishing campaigns are nothing new, Cofense identified an anomaly of over 800 emails of various subject themes, such as financial, document, security, and general notification lures, reaching users’ inboxes across multiple industries and containing over 80 unique LinkedIn Smart Links. These links can come from newly created or previously compromised LinkedIn business accounts.

KEY POINTS:

* LinkedIn Smart Links are connected to LinkedIn’s Sales Navigator services for marketing and tracking solutions for team and business accounts. This may suggest that these accounts are either newly created or previously compromised LinkedIn business accounts, allowing threat actors insight into the phishing campaign with its tracking capabilities.
* LinkedIn is a trusted brand with a trusted domain name, which malicious actors can take advantage of when sending emails with Smart Links embedded in them. This enables emails to bypass SEGs and other security suites.
* Cofense identified large-scale phishing attacks using LinkedIn Smart Links as early as 2021.
* In 2023, Cofense Intelligence received and identified a phishing campaign comprising over 800 emails and 80 unique Smart Links in late July into August, targeting various industries.

WHAT ARE LINKEDIN SMART LINKS?

A LinkedIn Smart Link is used by LinkedIn business accounts to deliver content and track user engagement with that content through LinkedIn’s Sales Navigator services. The Smart Link uses the LinkedIn domain followed by a “code” parameter with an eight-character alphanumeric ID that may contain underscores and dashes. However, malicious Smart Links can include other information, such as obfuscated victim emails, as seen in Figure 1.

Figure 1: Malicious Smart Link Structure.

The designated phishing kit reads the victim’s email attached to the Smart Link and autofills the malicious form, adding to the illusion that the victim has landed at the legitimate Microsoft sign-in. However, a Smart Link will still lead to a credential phishing page without the victim’s email in the URL.

THE LINKEDIN SMART LINKS CAMPAIGN

Using LinkedIn Smart Links is not a new tactic. However, Cofense does not consistently see many emails that use Smart Links. Despite the scarcity of malicious emails, Smart Links have proven able to bypass SEGs and other email security suites because the link uses a trusted domain. The emails use generic subject lines that fit the themes of financial, human resources, documents, security, and general notifications. Figure 2 is an example of a malicious email.

Figure 2: Email Example Using HR and Payroll Themes

Upon clicking the link in the email, the user will be sent directly or through a series of redirects to the phish. Once at the phish, the user will be instructed to log in using their Microsoft Office credentials. The phishing pages are made to appear as generic and legitimate as possible, as shown in Figure 3, to encompass the large industry target spread.
Notice in Figure 3 that an example email address is used in the URL address bar, which auto-fills the form upon landing on the phishing landing page.

Figure 3: Phishing Page Example

WHO WERE TARGETED?

Looking deeper into the data, Cofense witnessed that this campaign targeted several industries. However, the Finance and Manufacturing sectors were the most targeted, as shown in Figure 4. Despite Finance and Manufacturing having higher volumes, it can be concluded that this campaign was not a direct attack on any one business or sector but a blanket attack to collect as many credentials as possible, using LinkedIn business accounts and Smart Links to carry out the attack.

Figure 4: Top 10 Industries Targeted by LinkedIn Smart Links

CONCLUSION

While LinkedIn Smart Links have been used in phishing attacks over the years, this campaign was an anomaly of over 800 emails sending over 80 unique Smart Links using an unknown number of created or previously compromised LinkedIn business accounts. This campaign has been seen to blanket industries, with the Finance sector being the number one target, harvesting mainly Microsoft Office credentials. Malicious actors abuse Smart Links to bypass SEGs and reach the inbox of their intended victim due to the inherent trust of the link’s domain, LinkedIn.com. While it’s important to use email security suites, it is also essential for employees to constantly be up to date on their training to combat any phishing campaign. Employees must be taught not to click links from emails that seem suspicious or unexpected.
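
A mail-filter check built on the Smart Link structure described under "WHAT ARE LINKEDIN SMART LINKS?", added here as an example and not Cofense's code: it finds Smart Links in an email body and flags any that carry data beyond the "code" parameter, including a recoverable recipient address. The `/slink` path, the placement of extra data in the fragment or in other query parameters, base64 as the obfuscation, the function names and the sample body are all assumptions made for this example.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, unquote, urlsplit

# The article describes "code" as an eight-character ID of letters, digits, "_" and "-".
CODE_RE = re.compile(r"^[A-Za-z0-9_-]{8}$")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# Constructed sample body: one bare Smart Link, one carrying a base64 address.
SAMPLE_BODY = (
    "Payroll update: https://www.linkedin.com/slink?code=AbCd_123\n"
    "View document: https://www.linkedin.com/slink?code=Zz9-xY_1#dXNlckBleGFtcGxlLmNvbQ==\n"
)

def _hidden_email(blob):
    """Find an e-mail address in blob, in plain text or base64 (assumed encodings)."""
    blob = unquote(blob)
    match = EMAIL_RE.search(blob)
    if match:
        return match.group(0)
    try:
        raw = base64.urlsafe_b64decode(blob + "=" * (-len(blob) % 4))
    except (binascii.Error, ValueError):
        return None
    match = EMAIL_RE.search(raw.decode("utf-8", "ignore"))
    return match.group(0) if match else None

def classify_smart_link(url):
    """Return None for a non-Smart-Link URL, otherwise a dict of findings."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host != "linkedin.com" and not host.endswith(".linkedin.com"):
        return None  # lookalike hosts such as linkedin.com.example.net land here
    if parts.path.rstrip("/") != "/slink":  # assumed Smart Link path
        return None
    query = parse_qs(parts.query)
    code = query.pop("code", [""])[0]
    # Anything besides the code parameter is extra data riding on the link.
    extras = [v for values in query.values() for v in values]
    extras += [parts.fragment] if parts.fragment else []
    email = next((e for e in map(_hidden_email, extras) if e), None)
    return {"url": url, "code_ok": bool(CODE_RE.match(code)),
            "extra_data": bool(extras), "recipient_email": email}

def scan_email_body(body):
    """Classify every Smart Link found in an e-mail body."""
    findings = (classify_smart_link(u.rstrip(".,)")) for u in URL_RE.findall(body))
    return [f for f in findings if f]
```

Because the article notes that a Smart Link still leads to the phishing page without the victim's email in the URL, a link with `extra_data` set to false is not cleared by this check; it only lacks the recipient-tagging signal.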