cofense2022stg.wpengine.com Open in urlscan Pro
34.74.117.101  Public Scan

Form analysis
0 forms found in the DOM

Text Content

 * Blog
 * Customer Resource Center
 * Contact Support
 * Contact Us

Menu
 * Blog
 * Customer Resource Center
 * Contact Support
 * Contact Us

 * Stop Threats
   
   End-to-End Email Security
   
   Defend your organization with a complete email security solution designed to
   identify, protect, detect & respond to threats.
   
   Security Awareness Training
   
   Condition your workforce against today’s latest threats and transform them
   into your front line of defense.
   
   Global Intelligence Network
   
   Protect your organization with our deep analysis into the current threat
   landscape and emerging trends.
   
   Cofense vs. The Competition
   
   See why the Cofense Intelligent Email Security suite stands out against the
   competition 
   
   Business Email Compromise (BEC)
   
   BEC amounts to an estimated $500 billion-plus annually that’s lost to fraud.
   Ensure your business is protected.
   
   Ransomware & Malware
   
   Phishing is the #1 attack vector for ransomware attacks. Stop phishing
   attacks in their tracks.
   
   Credential Theft
   
   Protect your user’s credentials and avoid a widespread, malicious attack.

 * Solutions
   
   Email Security for the Enterprise
   
   Complete threat protection, detection and response tailored for enterprise
   businesses.
   
   Email Security for the Mid Market
   
   Security awareness training + email security protection purpose-built for
   your mid-market organizations.
   
   Email Security for Managed Service Providers (MSPs)
   
   Best-in-Class Phishing Protection and Simulations designed for MSPs, from the
   ground up.
   
   Managed Email Security Solutions
   
   Protect your organization from attacks with managed services from the Cofense
   Phishing Defense Center™.
   
   Detect and Stop Attacks
   
   Automatically identify and quarantine email threats across your organization
   in minutes.
   
   Analyze & Remediate Reported Threats
   
   Accelerate threat detection and response, empowering fast resolution.
   
   Actionable Insight into Emerging Threats
   
   Protect your organization with our deep analysis into the current threat
   landscape and emerging trends.
   
   Security Awareness Training
   
   Condition your workforce against today’s latest threats and transform them
   into your front line of defense.
   
   Security Awareness Training + Threat Protection
   
   Growing companies can get protection, realistic simulations and security
   awareness training all in one platform.
   
   Easily Report Suspected Threats
   
   Report suspicious threats with just one click.
   
   Empower Your Team
   
   Train employees through an with award-winning Learning Management System.

 * Clients
   
   Industries We Serve
   
   Businesses from all industries rely on Cofense to safeguard their teams.
   
   What Our Customers Say
   
   Global organizations trust Cofense to protect their most critical assets.

 * Resources
   
   Knowledge Center Hub
   
   Check out our resource library of solution content, whitepapers, videos and
   more.
   
   Events & Webinars
   
   Come see us at a local event or join us at an upcoming webinar.
   
   Blog
   
   Stay current on cybersecurity trends, market insights and Cofense news.
   
   Check Your SEG
   
   See the real threats that are currently evading your Secure Email Gateway
   (SEG).

 * About
   
   About Cofense
   
   Cofense stops email security threats and protects your company through our
   network of 35+ Million human reporters.
   
   News Center
   
   See the latest articles, press releases and more in our news center.
   
   Awards
   
   It’s an honor to be recognized in the cybersecurity market. Check out our
   recent awards.
   
   Partners
   
   Grow your business, drive new revenue streams, and improve your competitive
   posture through our Partner Program.
   
   Careers
   
   We’re looking for passionate people to join us in our mission to stop all
   email security threats for organizations around the globe.
   
   Management Team
   
   Get to know our management team.

X

Get a Demo



RESURGENCE OF LINKEDIN SMART LINKS IDENTIFIED IN SIZABLE CREDENTIAL PHISHING
CAMPAIGN

 * October 11, 2023

Home » Blog » Resurgence of LinkedIn Smart Links Identified in Sizable
Credential Phishing Campaign

Share Now

Facebook
Twitter
LinkedIn

By: Nathaniel Raymond

In 2022, the Cofense Phishing Defense Center (PDC) detected phishing campaigns
that used LinkedIn links called Smart Links or “slink” to bypass security email
gateway or SEG to deliver credential phishing, which was covered previously in
the smart links LinkedIn blog. Smart links are links utilized by a LinkedIn team
or business account connected to LinkedIn Sales Navigator services that provide
content and track engagement metrics. A year later, in late July into August, a
resurgence of Smart Links was identified in a sizable credential phishing
campaign targeting Microsoft Office credentials creeping into inboxes once
again. While Smart Links in phishing campaigns are nothing new, Cofense
identified an anomaly of over 800 emails of various subject themes, such as
financial, document, security, and general notification lures, reaching users’
inboxes across multiple industries containing over 80 unique LinkedIn Smart
Links. These links can come from newly created or previously compromised
LinkedIn business accounts.


KEY POINTS:

 * LinkedIn Smart Links are connected to LinkedIn’s Sales Navigator services for
   marketing and tracking solutions for team and business accounts. This may
   suggest that these accounts are either newly created or previously
   compromised LinkedIn business accounts, allowing threat actors insight into
   the phishing campaign with its tracking capabilities.
 * LinkedIn is a trusted brand with a trusted domain name that can allow
   malicious actors to take advantage of when sending emails with Smart Links
   embedded into them. This will enable emails to bypass SEGs and other security
   suites.
 * Cofense identified large-scale phishing attacks using LinkedIn Smart Links as
   early as 2021.
 * In 2023, Cofense Intelligence received and identified a phishing campaign
   comprising over 800 emails and 80 unique Smart Links in late July into
   August, targeting various industries.


WHAT ARE LINKEDIN SMART LINKS?

A LinkedIn Smart Link is used by LinkedIn business accounts to deliver content
and track user content engagements through LinkedIn’s Sales Navigator services.
The Smart Link uses the LinkedIn domain followed by a “code” parameter with an
eight-alphanumeric character ID that may contain underscores and dashes.
However, malicious Smart Links can include other parts of information, such as
obfuscated victim emails, as seen in Figure 1.



Figure 1: Malicious Smart Link Structure. 

The designated phishing kit will read the victim’s email attached to the Smart
Link to autofill the malicious form to add to the illusion of legitimacy that
the victim has landed at the legitimate Microsoft sign-in. However, a Smart Link
will still lead to a credential phishing page without the victim’s email in the
URL.


THE LINKEDIN SMART LINKS CAMPAIGN

Using LinkedIn Smart Links is not a new tactic. However, Cofense does not
consistently see many emails that use Smart Links. Despite the scarcity of
malicious emails, Smart Links have proven themselves to bypass SEGs and other
email security suites due to the link using a trusted domain. The emails use
generic subject lines that fit the themes of financial, human resources,
documents, security, and general notifications. Figure 2 is an example of a
malicious email.



Figure 2: Email Example Using HR and Payroll Themes 

Upon clicking the link in the email, the user will be sent directly or through a
series of redirects to the phish. Once at the phish, the user will be instructed
to log in using their Microsoft Office credentials. The phishing pages are made
to appear as generic and legitimate as possible, as shown in Figure 3, to
encompass the large industry target spread. Notice in Figure 3 that an example
email address is used in the URL address bar, which auto-fills the form upon
landing on the phishing landing page.



Figure 3: Phishing Page Example 


WHO WERE TARGETED?

Looking deeper into the data, Cofense witnessed that this campaign targeted
several industries. However, the Finance and Manufacturing sectors were the most
targeted, as shown in Figure 4. Despite Finance and Manufacturing having higher
volumes, it can be concluded that this campaign was not a direct attack on any
one business or sector but a blanket attack to collect as many credentials as
possible using LinkedIn business accounts and Smart Links to carry out the
attack.



Figure 4: Top 10 Industries Targeted by LinkedIn Smart Links 


CONCLUSION

While LinkedIn Smart Links have been used in phishing attacks over the years,
this campaign was an anomaly of over 800 emails sending over 80 unique Smart
Links using an unknown number of created or previously compromised LinkedIn
business accounts. This campaign has been seen to blanket across industries,
with the Finance sector being the number one target, harvesting mainly Microsoft
Office credentials. Malicious actors abuse the Smart Links to bypass SEGs to
reach the inbox of their intended victim due to the inherent trust of the link’s
domain, LinkedIn.com. While it’s important to use email security suites, it is
also essential for employees to constantly be up to date on their training to
combat any phishing campaign. Employees must be taught not to click links from
emails that seem suspicious or unexpected.


READ MORE RELATED PHISHING BLOG POSTS


HTML ATTACHMENTS USED IN MALICIOUS PHISHING CAMPAIGNS SKYROCKET: INCREASE 168%
FROM 2022 AND 450% FROM 2021

Read More »
July 18, 2023


MICROSOFT: 6 KEY SECURITY VULNERABILITIES PUTTING YOUR ORGANIZATION AT RISK

Read More »
July 18, 2023


2023 COFENSE PHISHING INTELLIGENCE TRENDS REVIEW: Q2

Read More »
July 24, 2023

1602 Village Market Blvd, SE #400
Leesburg, VA 20175

(888) 304-9422

Facebook-f Twitter Linkedin Youtube


COMPANY

 * What We Do
 * How We Do It
 * About
 * Contact Us
 * Legal
 * Privacy Policy


RESOURCES

 * Knowledge Center Hub
 * Events & Webinars
 * Blog
 * Check Your SEG
 *  
 *  

Get a Demo
©2023 Cofense. All rights reserved.

This site is registered on wpml.org as a development site.


We use our own and third-party cookies to enhance your experience by showing you
relevant content, personalizing our communications with you, and remembering
your preferences when you visit our website. We also use them to improve the
overall performance of our site. You can learn more about the cookies and
similar technology we use by viewing our privacy policy. By clicking ‘Accept,’
you acknowledge and consent to our use of all cookies on our website.

Accept