Tuesday, May 20, 2025
HomePhishingBeware !! LinkedIn User Credentials Stealing via Sophisticated Phishing Attack

Beware !! LinkedIn User Credentials Stealing via Sophisticated Phishing Attack

Published on

SIEM as a Service

Follow Us on Google News

Nowadays Linkedin is suffering by many Social Engineering attack that is used to harvesting the user Credentials and Linkedin is widely used Professional Network which is always Big Fish For hackers to Target and Stealing the users account and other information.

A New Phishing Attack Targeting Linkedin users that spreading via Compromised Linkedin Accounts to steal the user Credentials by sending Phishing Links to their contacts via private message and also to external members via email.

Already Conpromised Accounts including Premium membership accounts that have the ability to contact other LinkedIn users (even if they aren’t a direct contact) via the InMail feature

This Phishing Link  Widely Spreading Champaign that Mimics as Legitimate Gmail and other Email Provides Login Page.

- Advertisement - Google News

According to Malwarebytes Research, The main page is followed by an additional request for a phone number or secondary email address and ultimately the user sees a decoy Wells Fargo document hosted on Google.

Also Read: New Vulnerability Discovered in LinkedIn Messenger That Allow to Spread Malware and Compromise the Victims PC

How Does It Spreading via Private Message

Most of the Phishing URL spreading via private Messages from trust accounts that were Already hacked.

Message Contains the information that meant to be shared the Document from GoolgeDoc Drive with a Link via the Ow.ly URL shortener.

Phishing Attack

Phishing Message

Shortened URL’s are very good Source to Spreading Malicious URL’s and Malware and it is using for legitimate Purpose as well.

Once Victims Click the shortened URL, it will Direct to the hacked Website page which is built as a Gmail phish, but will also ask for Yahoo or AOL usernames and passwords.

Phishing Attack

Redirected URL to Fake Gmail Page

The main page is followed by an additional request for a phone number or secondary email address and ultimately the user sees a decoy Wells Fargo document hosted on Google Docs.

In this Case, Linkedin Trusted InMail feature to send the same phishing link. InMail Future used by Linkedin for Directly contact to another Linkedin Member Who is Not Connected and this will also Lead to send Malicious urls via the Account that is not Compromised.

So Beware of the Malicious Phishing Links and Don’t provide any credential information to untrust Website. Be safe and secure.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Accenture Files Leak – New Research Reveals Projects Controlling Billions of User Data

A new research report released today by Progressive International, Expose Accenture, and the Movement...

Kimsuky APT Group Deploys PowerShell Payloads to Deliver XWorm RAT

Cybersecurity researchers have uncovered a sophisticated malware campaign orchestrated by the notorious Kimsuky Advanced...

More_Eggs Malware Uses Job Application Emails to Distribute Malicious Payloads

The More_Eggs malware, operated by the financially motivated Venom Spider group (also known as...

RedisRaider Campaign Targets Linux Servers by Exploiting Misconfigured Redis Instances

Datadog Security Research has uncovered a formidable new cryptojacking campaign dubbed "RedisRaider," specifically targeting...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

W3LL Phishing Kit Launches Active Campaign to Steal Outlook Login Credentials

Cybersecurity researchers have recently uncovered a sophisticated phishing campaign leveraging the notorious W3LL Phishing...

Microsoft 365 Users Targeted by Tycoon2FA Linked Phishing Attack to Steal Credentials

A new wave of targeted phishing campaigns, linked to the Tycoon2FA group, has been...

New Phishing Attack Poses as Zoom Meeting Invites to Steal Login Credentials

A newly identified phishing campaign is targeting unsuspecting users by masquerading as urgent Zoom...