- Hackers take advantage of LinkedIn notifications to trick users into providing their login credentials
- Phishing emails are often presented as urgent job opportunities to manipulate recipients.
- Fraudulent domains like “inedin[.]digital” imitates LinkedIn to gain trust
Experts have warned that hackers are increasingly exploiting LinkedIn notifications to trick users into providing sensitive login information, using highly realistic emails that mimic legitimate alerts.
New research from Cofense describes how these campaigns are often presented as job opportunities, leveraging urgency and curiosity to manipulate recipients into engaging with malicious links.
Attackers primarily rely on emotional triggers to bypass rational caution and gain access to accounts.
Article continues below.
Attackers manipulate emotions to bypass user caution
Malicious emails often appear to come from recruiters at reputable companies, with convincing logos, fonts and formatting.
The research team observed that even the smallest details are deliberately copied from authentic LinkedIn pages to build trust, with the fake domain “inedin[.]digital” very similar to the legitimate LinkedIn website.
Fraudulent sender addresses, such as “khanieteam[.]com,” are similarly designed to avoid immediate suspicion, despite having no affiliation with LinkedIn.
Many of the spoofed websites and email accounts were created just months or even days before the attacks, demonstrating the speed with which threat actors can deploy new campaigns.
These attackers are not static; They constantly refine their technical sophistication to achieve their goal.
Cofense also reports that campaigns increasingly incorporate publicly available personal data, including home addresses and mapped locations, to increase credibility.
In one notable example, attackers included screenshots of Google Maps in extortion emails, a deceptive measure to convince recipients.
Personalization and automation make these campaigns cheaper and faster to launch than traditional phishing attacks.
Cofense provided technical details, including email Indicators of Compromise (IOCs), lists of observed IP addresses, and payload URLs, to help cybersecurity professionals detect and mitigate these schemes.
Phishing emails are often translated from other languages, such as Chinese, demonstrating the global reach of these campaigns.
Even minimal delays in analyzing these attacks can result in compromised credentials; therefore, organizations must implement a rapid response.
Being aware of malware threats is critical as it is often used by attackers to harvest credentials and compromise devices.
Users are advised to remain alert when receiving unexpected notifications from LinkedIn and to verify the authenticity of senders before clicking on links.
Cofense recommends combining human intelligence with automated threat detection to allow security teams to neutralize campaigns before they have widespread impact.
Regularly updated antivirus software can provide an extra layer of protection against malicious attachments and harmful links.
Security experts emphasize the importance of carefully checking URLs, avoiding shortcuts to login pages, and confirming communication through official channels.
A strong firewall can also help block unauthorized access and prevent attackers from exploiting system vulnerabilities.
That said, thinking twice before engaging with these types of emails remains the most effective step against increasingly convincing phishing attacks.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
