Comodo Experts Prevent Attack on LinkedIn Users

Cybercriminal attacks on social media user accounts to gain access to user credentials are becoming more refined and sophisticated. Comodo Threat Research Lab recently thwarted an attack aimed at LinkedIn users.

“This attack demonstrates how sharply cybercriminals raise the complexity of their attacks. For example, this attack merged cybertechnologies and manipulative psychology,” says Fatih Orhan, head of the Clifton, N.J.-based Comodo Threat Research Lab. “This trend will definitely increase, making the landscape of online security increasingly dangerous. The cybersecurity community must be prepared for attacks such as these. Comodo clients did not suffer from this attack because Comodo software blocked the phishing emails, preventing the emails from reaching their intended targets.”

Comodo Threat Research Lab discovered that the latest attack was from two IPs: one from British Columbia, Canada and the other from Thailand. The attack started on February 1, 2018.

Phishing email tricks, often based on deception, play a primary role in these attacks. There were 14 emails sent from the email address admin@besama.ga (an inactive domain) with each email addressed to a different user during January. The email imitated a standard LinkedIn message that a user receives when another user wants to connect.

While it did resemble a LinkedIn message, there were inconsistencies. The email addresses in the “From” and “Reply” fields were not actual LinkedIn email addresses. The email did, however, carry the LinkedIn logo and familiar design, including the “View profile” and “Accept” options.

Once the user clicked an option, they were redirected to a page that looked like the official LinkedIn sign-in page, putting the user one click away from a new prospective contact on LinkedIn. The link led to a page similar to the official LinkedIn URL, but it was instead a phishing site created by cybercriminals to steal LinkedIn user credentials. If users submitted their login and password, the credentials went right into the wrong hands.
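The inconsistencies described above (non-LinkedIn “From” and “Reply” addresses, and options that lead to a non-LinkedIn page) can be checked mechanically at a mail gateway. The following Python is an added example, not Comodo's code: the sample message is constructed, `phish.example` is a placeholder because the article does not name the phishing host, and treating only `linkedin.com` and its subdomains as legitimate is an assumption.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND, BRAND_DOMAIN = "linkedin", "linkedin.com"  # assumption: only this domain is trusted

# Constructed sample; phish.example is a placeholder for the unnamed phishing host.
SAMPLE = """\
From: LinkedIn <admin@besama.ga>
Reply-To: admin@besama.ga
Subject: Jane Doe wants to connect on LinkedIn
Content-Type: text/html; charset=utf-8

<a href="http://phish.example/login">View profile</a>
<a href="http://phish.example/login">Accept</a>
"""

class LinkHosts(HTMLParser):
    # Collects the hostname of every http(s) <a href> in an HTML body.
    def __init__(self):
        super().__init__()
        self.hosts = set()
    def handle_starttag(self, tag, attrs):
        url = urlsplit(dict(attrs).get("href") or "")
        if tag == "a" and url.scheme in ("http", "https"):
            self.hosts.add((url.hostname or "").lower())

def in_domain(host, domain):
    # Exact match or true subdomain; "linkedin.com.evil.example" does not pass.
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    msg = message_from_string(raw)
    display, _ = parseaddr(msg.get("From", ""))
    if BRAND not in f"{display} {msg.get('Subject', '')}".lower():
        return []  # message does not present itself as the brand
    findings = []
    for header in ("From", "Reply-To"):
        addr = parseaddr(msg.get(header, ""))[1]
        domain = addr.rpartition("@")[2].lower()
        if addr and not in_domain(domain, BRAND_DOMAIN):
            findings.append(f"{header} domain {domain} is not {BRAND_DOMAIN}")
    links = LinkHosts()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for host in sorted(links.hosts):
        if not in_domain(host, BRAND_DOMAIN):
            findings.append(f"link host {host} is not {BRAND_DOMAIN}")
    return findings
```

Calling `check_message(SAMPLE)` returns one finding each for the “From” address, the “Reply-To” address and the link host; a message whose sender and links all sit under `linkedin.com` returns an empty list.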

“Cybercriminals hunt for credentials because it is a powerful springboard for further malicious activity. They can use account information to support a multitude of criminal activities, including fraud, identity theft, even terrorism propaganda,” Orhan said.

Cybercriminals also try to use stolen credentials to break into other accounts, including online banking. They know most people use the same password for different accounts, and they obtain additional private information about users to aid in future spearphishing or social engineering attacks.

LinkedIn is a major interest for cybercriminals because it is the place of vibrant business activity. A huge number of potential targets exist on LinkedIn, such as high-ranking C-level employees at leading companies.

Comodo detailed some LinkedIn attack tricks: