Phishers tricking users via fake LinkedIn Private Shared Document

2021-02-18 13:07

Phishers are trying to trick users into opening a "LinkedIn Private Shared Document" and entering their login credentials into a fake LinkedIn login page, security researcher JB Bowers warns.

The phishing message is delivered via LinkedIn's internal messaging system and looks like it has been sent by one of the victim's contacts.

As Bowers pointed out, "There is no such thing as a 'LinkedIn Private Shared Document'," and this should ring targets' alarm bell.

Perhaps the phishers are indiscriminate in who they target, but compromising high-value targets might allow them to more successfully target a greater number of LinkedIn contacts or pivot into stealing even more critical credentials.

"If you see any more LinkedIn messages like this [] you'll want to let that person know out of band that their account has been compromised and that they should update their LinkedIn password, as well as report the abuse to LinkedIn," Bowers advised.

Finally, if the compromised LinkedIn password has been used on other accounts and sites, it has to be changed there as well - ideally to a new, unique one).

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/4v80fjo_K5s/

#linkedin #phisher