What is the story about?
LinkedIn has long been one of the most trusted platforms for finding jobs and maintaining a professional network. However, scammers have not spared even this platform, and they are now using a new method to dupe its users. This phishing scam aims to steal users' Microsoft login credentials and mostly targets high-value people on the platform. The scam was brought to light by Push Security, which said it has detected and blocked a high-risk LinkedIn phishing attack.
How Does the LinkedIn Phishing Scam Work?
According to Push Security, victims are contacted through a direct message on the platform from profiles that look genuine. The scammers then send an invitation for executives to join the board of a recently created 'Commonwealth' investment fund. As mentioned by Mint, one of the fake messages read, 'I'm excited to extend an exclusive invitation for you to join the Executive Board of the Commonwealth Investment Fund in South America in partnership with AMCO - Our Asset Management branch, a bold new venture capital fund launching an Investment Fund in South America.'

At a glance, the offer sounds like it holds high value and could be a major career milestone for the recipient. In reality, the scam begins here, because the victim has to follow a link to review the order and accept the position. As soon as the victim clicks the link, they are redirected to an attacker-controlled site, followed by a custom landing page hosted on firebasestorage.googleapis.com. When the victim clicks the document links on that page, they are taken to a custom-made adversary-in-the-middle (AiTM) phishing page that looks identical to the official Microsoft login screen. Entering credentials on this page could mean your account is on the verge of being compromised.

A blog post by Push Security said, 'Attackers are using common bot protection technologies like CAPTCHA and Cloudflare Turnstile to prevent security bots from accessing their web pages to be able to analyse them (and therefore block pages from being automatically flagged).'

This is a clear indication that phishing attacks are getting more sophisticated with each passing day. What was previously an issue people saw only in emails has now moved to social media apps and is spreading like wildfire.
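
A defender can look for the redirect chain described above (LinkedIn, then a landing page on firebasestorage.googleapis.com, then a Microsoft-style login on a host that is not Microsoft's) in web proxy logs. The following Python is an added example, not code from Push Security or this article; the log format, the sample records, the `.example` hosts, the path keywords and the 10-minute window are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Microsoft sign-in hosts (not an exhaustive list); a login page elsewhere is suspect.
MS_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}
LANDING_HOST = "firebasestorage.googleapis.com"  # landing-page host named in the article
LOGIN_HINTS = ("login", "signin", "oauth2", "authorize")  # assumed path heuristics
WINDOW = 600  # seconds; assumed maximum duration of the whole chain

# Constructed proxy log records: (epoch seconds, user, url)
SAMPLE_LOG = [
    (1000, "alice", "https://www.linkedin.com/messaging/thread/1"),
    (1010, "alice", "https://redirect.example/r?id=7"),
    (1012, "alice", "https://firebasestorage.googleapis.com/v0/b/x/o/board.html"),
    (1040, "alice", "https://docs-portal.example/common/oauth2/authorize"),
    (2000, "bob", "https://www.linkedin.com/feed/"),
    (2005, "bob", "https://login.microsoftonline.com/common/oauth2/authorize"),
    (3000, "carol", "https://firebasestorage.googleapis.com/v0/b/app/o/logo.png"),
]

def host(url):
    return (urlsplit(url).hostname or "").lower()

def find_chains(records):
    """Return (user, login_url) for each LinkedIn -> Firebase landing -> non-Microsoft login chain."""
    state = {}  # user -> [stage, time of the LinkedIn visit that started the chain]
    hits = []
    for ts, user, url in sorted(records):
        h, stage = host(url), state.get(user)
        if h == "linkedin.com" or h.endswith(".linkedin.com"):
            state[user] = [1, ts]                      # stage 1: user is on LinkedIn
        elif stage and ts - stage[1] > WINDOW:
            del state[user]                            # chain went stale, reset
        elif stage and stage[0] == 1 and h == LANDING_HOST:
            stage[0] = 2                               # stage 2: Firebase-hosted landing page
        elif (stage and stage[0] == 2 and h not in MS_LOGIN_HOSTS
              and any(k in urlsplit(url).path.lower() for k in LOGIN_HINTS)):
            hits.append((user, url))                   # login-like page on a non-Microsoft host
            del state[user]
    return hits
```

On the constructed records only alice's session is flagged; bob reaches a genuine Microsoft sign-in host and carol loads a Firebase-hosted file without the preceding LinkedIn visit.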
In these times, users of any social media app are advised to be a little more cautious and think twice before clicking a link or entering their credentials anywhere.
