LinkedIn’s Smart Links feature is currently being exploited by hackers in phishing campaigns to bypass email protection solutions and redirect users to malicious sites.
Once again, cybercriminals are not lacking in ingenuity when it comes to circumventing a security feature! This time, it is LinkedIn’s Smart Links function that is exploited, as reported by analysts at Cofense. This is an enterprise-grade feature that is available to Sales Navigator users. It allows you to share documents from a single link.
Unsurprisingly, all this is accompanied by various statistics on the use of these links, including the number of views. One can imagine that cybercriminals will be able to use this analytical data to optimize their malicious campaigns!
For now, Cofense analysts have detected campaigns targeting Slovak users, but this technique could well spread and also affect French users. In this case, the campaigns impersonate the Slovak postal service, with an e-mail supposedly from “Slovenská posta” in which the user is invited to pay the costs of a package awaiting shipment. Even though the technique of using LinkedIn’s Smart Links function seems new, the subject of the e-mail is a classic.
Here is an example of an email:
This email contains a confirmation button that embeds a LinkedIn Smart Link URL (“linkedin[.]com/slink?code=g4zmg2B6”) containing variables whose purpose is to redirect the victim to a phishing page. Here, the functionality is clearly misused since the user is redirected to a malicious page, whereas normally it is used for advertising, marketing pages, etc.
Once on the page, which is a copy of the official page of the service “Slovenská posta”, the user must pay the sum of 2.99 euros. Of course, it’s not the money that the attackers are directly interested in here, but rather the possibility of collecting credit card numbers.
For its part, LinkedIn says it is working on this issue in order to strengthen the protection of users and prevent LinkedIn from being used as a redirection point in phishing campaigns.
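Because the lure described above rides on a trusted linkedin.com URL, a mail filter can at least surface Smart Links for review. The following Python sketch is an added example, not code from Cofense or LinkedIn: it flags `/slink?code=` links in HTML mail whose From domain is not LinkedIn. The sender rule is an assumed triage heuristic, and the function names and sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

class _Hrefs(HTMLParser):
    """Collect the href of every <a> element."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def _on_linkedin(host):
    host = (host or "").lower()
    return host == "linkedin.com" or host.endswith(".linkedin.com")

def is_smart_link(url):
    """True for linkedin.com/slink?code=... (the URL shape quoted in the article)."""
    url = url.replace("[.]", ".")          # refang defanged indicators
    if "://" not in url:
        url = "https://" + url
    parts = urlsplit(url)
    return (_on_linkedin(parts.hostname) and parts.path.rstrip("/") == "/slink"
            and "code" in parse_qs(parts.query))

def suspicious_smart_links(raw_email):
    """Smart Links in HTML parts of a message whose From domain is not LinkedIn."""
    msg = message_from_string(raw_email)
    if _on_linkedin(parseaddr(msg.get("From", ""))[1].rpartition("@")[2]):
        return []
    hits = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = _Hrefs()
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            hits += [h for h in parser.hrefs if is_smart_link(h)]
    return hits

# Constructed sample (not from the campaign); PLACEHOLDER stands in for a real code.
SAMPLE = """From: Posta <notice@example.test>
Subject: Package awaiting shipment
Content-Type: text/html; charset="utf-8"

<a href="https://www.linkedin.com/slink?code=PLACEHOLDER">Confirm</a>
<a href="https://example.test/help">Help</a>
"""
```

A hit is a reason to look at where the link resolves, not proof of phishing, since Sales Navigator users also send Smart Links legitimately from their own mail domains.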