Once again, we are here to report on another novel way that hackers and scammers have found to bypass automatic cybersecurity protocols and catch you off guard. This new type of scam uses LinkedIn Smart Links to evade the automatic virus and malware detectors built into your email inbox so that they can send you to fake websites and try to steal your credit card details. Here is what you need to know.
A group of threat analysts at cybersecurity specialists Cofense have discovered a new type of attack that embeds phishing links into LinkedIn Smart Links. Smart Links are and enterprise level product available to LinkedIn business users that allows them to send up to 15 documents with a single link. The feature also includes use analytics and usage reports meaning that as well as offering a way to bypass user security, the Smart Links feature also offer scammers access to an analytics suite for tracking the performance of their attacks.
Cofense has noticed that this new form of attack has been targeting Slovakian users in the form of emails telling them they need to pay for the delivery of a parcel. The combination of a slick email header looking legitimate, and the bypassing of the automated inbox security protocols means users are vulnerable at this point to falling for the scam. If they do and click the link, they are taken a fake payment where they will be asked to input their payment details to cover the small fee. Doing so, however, will simply hand over their card details to the scammer.
Interestingly, LinkedIn did respond to Bleeping Computer when they questioned them about the vulnerability saying that they always take action against malicious actors they find targeting users with phishing scams. As always, however, this story reiterates the need to be vigilant when you are online as sometimes the automated defense systems you think are protecting you will fail, and your attention will be your last line of defense.
As always, we highly recommend you check out our infographic guide for spotting scam emails and dodgy links.
