Phishing Attack  - Linkedin Phishing - Beware !! LinkedIn User Credentials Stealing via Sophisticated Phishing Attack

Nowadays is suffering by many Social Engineering that is used to harvesting the and Linkedin is widely used Professional Network which is always Big Fish For to Target and the users account and other information.

A New Attack Targeting Linkedin users that spreading via Compromised Linkedin Accounts to steal the user Credentials by sending Links to their contacts via private message and also to external members via email.

Already Conpromised Accounts including Premium membership accounts that have the ability to contact other LinkedIn users (even if they aren’t a direct contact) via the InMail feature

This Phishing Link  Widely Spreading Champaign that Mimics as Legitimate Gmail and other Email Provides Login Page.

According to Malwarebytes Research, The main page is followed by an additional request for a number or secondary email address and ultimately the user sees a decoy Wells Fargo document hosted on .

Also Read: New Vulnerability Discovered in LinkedIn Messenger That Allow to Spread Malware and Compromise the Victims PC

How Does It Spreading via Private Message

Most of the Phishing URL spreading via private Messages from trust accounts that were Already hacked.

Message Contains the information that meant to be shared the Document from GoolgeDoc Drive with a Link via the Ow.ly URL shortener.

Phishing Attack  - Phishing message - Beware !! LinkedIn User Credentials Stealing via Sophisticated Phishing Attack

Phishing Message

Shortened URL’s are very good Source to Spreading Malicious URL’s and Malware and it is using for legitimate Purpose as well.

Once Victims Click the shortened URL, it will Direct to the hacked Website page which is built as a Gmail phish, but will also ask for Yahoo or AOL usernames and passwords.

Phishing Attack  - phishing - Beware !! LinkedIn User Credentials Stealing via Sophisticated Phishing Attack

Redirected URL to Fake Gmail Page

The main page is followed by an additional request for a phone number or secondary email address and ultimately the user sees a decoy Wells Fargo document hosted on Google Docs.

In this Case, Linkedin Trusted InMail feature to send the same phishing link. InMail Future used by Linkedin for Directly contact to another Linkedin Member Who is Not Connected and this will also Lead to send Malicious urls via the Account that is not Compromised.

So Beware of the Malicious Phishing Links and Don’t provide any credential information to untrust Website. Be safe and secure.



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here