
"Attackers are increasingly shifting from email to LinkedIn to spread phishing attempts. Security company Push intercepted an advanced LinkedIn phishing attack that combines multiple evasion techniques to circumvent detection. Phishing via LinkedIn is on the rise, although it often goes unnoticed. This is because much of the phishing data comes from email security providers. LinkedIn falls outside the scope of traditional anti-phishing controls, while employees often use the platform via business devices. This creates a security blind spot that attackers cleverly exploit."
"In this recent attack, the victim received a malicious link via a LinkedIn message. After clicking, the user went through three redirects via Google Search and payrails-canaccord[.]icu before a specially crafted landing page appeared, hosted on firebasestorage.googleapis[.]com. By using trusted services such as Google Firebase, attackers reduce the risk of links being detected by security tools. The attack chain ends at a Microsoft-imitating phishing page where credentials and MFA authentication are stolen."
LinkedIn messages are being used to deliver sophisticated phishing links that bypass email-focused defenses. Attackers send malicious links that redirect through Google Search and payrails-canaccord[.]icu before landing on content hosted on firebasestorage.googleapis[.]com, a trusted Google Firebase service. The final page imitates Microsoft and harvests credentials and MFA authentication. The campaign uses Cloudflare Turnstile to block automated scanners, long redirect chains to evade link analysis, and randomized page elements and dynamic encoding to defeat static fingerprinting. Many enterprise controls exclude LinkedIn traffic, creating a blind spot when employees access the platform on business devices.
Read at Techzine Global
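A defender-side sketch of the pattern described above, added here as an example and not taken from Push or Techzine: it scans web-proxy records for a user who moves from LinkedIn through several intermediate hosts to shared hosting within seconds. The log schema, the thresholds and the `redirector.example` host are assumptions, and the sample records are constructed.

```python
from urllib.parse import urlsplit

# Assumptions (not from the article): record layout, window and host lists.
SHARED_HOSTING = {"firebasestorage.googleapis.com"}  # anyone can publish here
ORIGIN = "linkedin.com"   # message platform outside email-security controls
WINDOW_S = 30             # max seconds from click to landing page
MIN_INTERMEDIATE = 2      # distinct hosts between origin and landing page

# Constructed sample records: (epoch seconds, user, requested URL).
SAMPLE = [
    (100, "alice", "https://www.linkedin.com/messaging/thread/1"),
    (103, "alice", "https://www.google.com/url?q=placeholder"),
    (104, "alice", "https://redirector.example/r"),
    (106, "alice", "https://firebasestorage.googleapis.com/v0/b/x/o/index.html"),
    (200, "bob", "https://www.linkedin.com/feed/"),
    (202, "bob", "https://www.example.org/article"),
    (900, "bob", "https://firebasestorage.googleapis.com/v0/b/app/o/logo.png"),
]

def host(url):
    return (urlsplit(url).hostname or "").lower()

def is_origin(h):
    return h == ORIGIN or h.endswith("." + ORIGIN)

def find_chains(events):
    """Return [(user, [hosts...])] where a user goes from the origin platform,
    through several other hosts, to shared hosting within WINDOW_S seconds."""
    by_user = {}
    for ts, user, url in sorted(events):
        by_user.setdefault(user, []).append((ts, host(url)))
    hits = []
    for user, reqs in by_user.items():
        for i, (ts, h) in enumerate(reqs):
            if h not in SHARED_HOSTING:
                continue
            chain = [h]  # built backwards from the landing page
            for pts, ph in reversed(reqs[:i]):
                if ts - pts > WINDOW_S:
                    break
                if is_origin(ph):
                    if len(set(chain[1:])) >= MIN_INTERMEDIATE:
                        hits.append((user, [ph] + chain[::-1]))
                    break
                if ph != chain[-1]:
                    chain.append(ph)
    return hits
```

The check is a time-window heuristic rather than a Referer walk, because referrer policies and HTTP redirects often hide the intermediate URLs; hits are leads for triage, not verdicts.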