Sunday, July 21, 2024
EHA

Beware !! LinkedIn User Credentials Stealing via Sophisticated Phishing Attack

Nowadays Linkedin is suffering by many Social Engineering attack that is used to harvesting the user Credentials and Linkedin is widely used Professional Network which is always Big Fish For hackers to Target and Stealing the users account and other information.

A New Phishing Attack Targeting Linkedin users that spreading via Compromised Linkedin Accounts to steal the user Credentials by sending Phishing Links to their contacts via private message and also to external members via email.

Already Conpromised Accounts including Premium membership accounts that have the ability to contact other LinkedIn users (even if they aren’t a direct contact) via the InMail feature

This Phishing Link  Widely Spreading Champaign that Mimics as Legitimate Gmail and other Email Provides Login Page.

According to Malwarebytes Research, The main page is followed by an additional request for a phone number or secondary email address and ultimately the user sees a decoy Wells Fargo document hosted on Google.

Also Read: New Vulnerability Discovered in LinkedIn Messenger That Allow to Spread Malware and Compromise the Victims PC

How Does It Spreading via Private Message

Most of the Phishing URL spreading via private Messages from trust accounts that were Already hacked.

Message Contains the information that meant to be shared the Document from GoolgeDoc Drive with a Link via the Ow.ly URL shortener.

Phishing Attack

Phishing Message

Shortened URL’s are very good Source to Spreading Malicious URL’s and Malware and it is using for legitimate Purpose as well.

Once Victims Click the shortened URL, it will Direct to the hacked Website page which is built as a Gmail phish, but will also ask for Yahoo or AOL usernames and passwords.

Phishing Attack

Redirected URL to Fake Gmail Page

The main page is followed by an additional request for a phone number or secondary email address and ultimately the user sees a decoy Wells Fargo document hosted on Google Docs.

In this Case, Linkedin Trusted InMail feature to send the same phishing link. InMail Future used by Linkedin for Directly contact to another Linkedin Member Who is Not Connected and this will also Lead to send Malicious urls via the Account that is not Compromised.

So Beware of the Malicious Phishing Links and Don’t provide any credential information to untrust Website. Be safe and secure.

Website

Latest articles

Hackers Claiming Dettol Data Breach: 453,646 users Impacted

A significant data breach has been reported by a threat actor known as 'Hana,'...

CrowdStrike Update Triggers Widespread Windows BSOD Crashes

A recent update from cybersecurity firm CrowdStrike has caused significant disruptions for Windows users,...

Operation Spincaster Disrupts Approval Phishing Technique that Drains Victim’s Wallets

Chainalysis has launched Operation Spincaster, an initiative to disrupt approval phishing scams that have...

Octo Tempest Know for Attacking VMWare ESXi Servers Added RansomHub & Qilin to Its Arsenal

Threat actors often attack VMware ESXi servers since they accommodate many virtual machines, which...

TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs

Hackers exploit open-source tools to execute attacks because they are readily available, well-documented, and...

macOS Users Beware Of Weaponized Meeting App From North Korean Hackers

Meeting apps are often targeted and turned into weapons by hackers as they are...

Hackers Exploiting Legitimate RMM Tools With BugSleep Malware

Since October 2023, MuddyWater, which is an Iranian threat group linked to MOIS, has...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles