- Phishers attack financial executives through LinkedIn, posing as a fake investment fund
- Victims are tricked into entering Microsoft credentials on spoofed login pages
- Non-email phishing now accounts for 34% of tracked attacks, up from 10% in three months.
A new phishing campaign is targeting financial executives and other high-net-worth individuals on LinkedIn, with the goal of stealing their Microsoft credentials as well as session cookies.
Security researchers at Push Security say the campaign is not carried out via email, as is common in these types of attacks, but directly on LinkedIn, where targets would receive a direct message from someone claiming to be part of a newly created “Common Wealth” investment fund.
“I am pleased to extend an exclusive invitation to you to join the Executive Board of the Common Wealth investment fund in South America in partnership with AMCO – Our Asset Management branch, a bold new venture capital fund launching an investment fund in South America,” the phishing message states.
Expanding the scope
By clicking on the link, the victim goes through a series of redirects, most of which are designed to bypass automated security solutions and different scanners. This is done, among other things, with CAPTCHA and Cloudflare Turnstile.
Finally, the victim is shown a message to sign in to their Microsoft account, but although the landing page looks almost identical to the legitimate Microsoft sign-in page, it belongs to the attackers and passes the information to them. That includes not only login credentials, but also session cookies, ensuring that they remain logged in even if the victim decides to change the password.
Phishing is one of the oldest scams on the Internet, but Push Security notes that the shift toward LinkedIn signals a broader shift in which email is no longer the only avenue of attack:
“Phishing doesn’t just happen in email anymore,” said Jacques Louw, product manager at Push Security. “Over the last month, about 34% of the phishing attempts we’ve tracked have come through places like LinkedIn and other non-email channels, compared to less than 10% three months ago. Attackers are getting smarter about where people are actually communicating and how to target them effectively, and defenders need to keep up.”
We could also argue that this also has to do with email security improving over the years and making it incredibly difficult for phishing messages to reach people’s inboxes.
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
