Jump to content

Invite Scene - #1 to Buy, Sell, Trade or Find Free Torrent Invites

#1 TorrentInvites Community. Buy, Sell, Trade or Find Free Torrent Invites for Every Private Torrent Trackers. HDB, BTN, AOM, DB9, PTP, RED, MTV, EXIGO, FL, IPT, TVBZ, AB, BIB, TIK, EMP, FSC, GGN, KG, MTTP, TL, TTG, 32P, AHD, CHD, CG, OPS, TT, WIHD, BHD, U2 etc.

LOOKING FOR HIGH QUALITY SEEDBOX? EVOSEEDBOX.COM PROVIDES YOU BLAZING FAST & HIGH END SEEDBOXES | STARTING AT $5.00/MONTH!

Phishers Spread Malicious Links Via Hacked LinkedIn Accounts


grimm

Recommended Posts

Researchers are warning of a new phishing campaign using hijacked LinkedIn accounts to send malicious links in private messages and InMail.

Jérôme Segura, lead malware intelligence analyst at Malwarebytes, made the discovery, revealing that the fraudulent messages sometimes come from hacked Premium accounts.

“The fraudulent message includes a reference to a shared document and a link that redirects to a phishing site for Gmail and other email providers which require potential victims to log in,” he explained.

“Those who proceed will have their username, password, and phone number stolen but won’t realize they were duped right away. Indeed, this phishing scam ends on a tricky note with a decoy document on wealth management from Wells Fargo.”

The phishing messages in question abuse link shortening service ow.ly and free hosting provider gdk.mx to redirect to the phishing page, which is hosted on a hacked website, Segura added.

Malwarebytes has also spotted attackers abusing LinkedIn’s trusted InMail service to send the same link.

It even includes a custom security footer to add authenticity to the scam. Segura warned that while the delivery mechanism can be trusted in this case, the content most definitely cannot.

“The same can be said for phishing pages that use HTTPS – which is the case here – making content delivery secure but the content itself fraudulent,” he added.

InMail can only be sent from Premium accounts, meaning the phishers have compromised one of these to help their campaign.

“We do not know how (malware, other phishing attacks, etc.) or how many LinkedIn accounts were compromised in this campaign,” wrote Segura.

“It’s also unclear whether the shortened URLs are unique per hacked account or not, although we think they might be. The user whose account was hacked had over 500 connections on LinkedIn and based on Hootsuite‘s stats, we know 256 people clicked on the phishing link.”

He advised anyone finding their account has been compromised to immediately review and change their log-ins and switch on two-factor authentication, as well as posting an explanatory update to let contacts know what happened.
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Check out what our members are saying

  • Our picks

×
×
  • Create New...