- Phishers target CFOs via LinkedIn, pretending to be a fake investment fund
- Victims are tricked into entering Microsoft credentials on fake login pages
- Non-email phishing now accounts for 34% of tracked attacks, up from less than 10% three months earlier
A new phishing campaign is targeting CFOs and other high net worth individuals on LinkedIn with the aim of stealing their Microsoft credentials as well as session cookies.
Security researchers at Push Security say the campaign is not run over email, as is usual for these attacks, but directly on LinkedIn, where targets receive a direct message from someone claiming to be part of a newly created “Common Wealth” investment fund.
“I am excited to extend to you an exclusive invitation to join the Executive Board of Common Wealth investment fund in South America in partnership with AMCO – Our Asset Management branch, a bold new venture capital fund launching an investment fund in South America,” the phishing message said.
Extending the reach
Clicking on the link takes the victim through a series of redirects, most of which exist to evade automated security tools and URL scanners. Among other tricks, the chain is gated with CAPTCHAs and Cloudflare Turnstile challenges so that automated crawlers never reach the final page.
Finally, the victim is shown a prompt to sign in to their Microsoft account. The landing page looks almost identical to the legitimate Microsoft login page, but it is attacker-controlled and forwards whatever is entered to the attackers. It captures not only the login credentials but also the resulting session cookies, which keep the attackers signed in even if the victim later changes the password.
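Because a stolen session cookie outlives a password reset, the defensive response has to find and revoke the hijacked session itself. The following is an added example (not from Push Security or this article) in Python: a small detector over constructed sign-in telemetry that flags a session token reused from a different network shortly after it was issued, then lists the sessions to revoke. Field names, IPs and ASN values are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in telemetry (not real logs). Each record is one
# request authenticated with a session cookie; field names are assumptions.
SAMPLE_EVENTS = [
    {"session": "s-1", "user": "cfo@example.com", "ip": "203.0.113.10",
     "asn": "AS64500", "ts": "2025-01-10T09:00:00"},   # legitimate login
    {"session": "s-1", "user": "cfo@example.com", "ip": "203.0.113.10",
     "asn": "AS64500", "ts": "2025-01-10T09:05:00"},   # same network, fine
    {"session": "s-1", "user": "cfo@example.com", "ip": "198.51.100.7",
     "asn": "AS64511", "ts": "2025-01-10T09:12:00"},   # cookie replayed elsewhere
    {"session": "s-2", "user": "cfo@example.com", "ip": "203.0.113.10",
     "asn": "AS64500", "ts": "2025-01-10T11:00:00"},   # fresh login after reset
    {"session": "s-3", "user": "cfo@example.com", "ip": "203.0.113.10",
     "asn": "AS64500", "ts": "2025-01-10T08:00:00"},
    {"session": "s-3", "user": "cfo@example.com", "ip": "192.0.2.44",
     "asn": "AS64512", "ts": "2025-01-11T08:00:00"},   # a day later: outside window
]

def _ts(event):
    return datetime.fromisoformat(event["ts"])

def find_session_replays(events, window=timedelta(hours=2)):
    """Flag session cookies used from a different ASN than the one that created
    them, within `window` of first use. A cookie captured by a phishing relay and
    replayed by the attacker looks like this: the password may already have been
    changed, but the session is still valid."""
    by_session = defaultdict(list)
    for e in events:
        by_session[e["session"]].append(e)
    alerts = []
    for sid, evs in by_session.items():
        evs.sort(key=_ts)
        origin = evs[0]
        for e in evs[1:]:
            if e["asn"] != origin["asn"] and _ts(e) - _ts(origin) <= window:
                alerts.append({
                    "session": sid, "user": e["user"],
                    "origin_ip": origin["ip"], "replay_ip": e["ip"],
                    "origin_asn": origin["asn"], "replay_asn": e["asn"],
                    "minutes_after_issue": int((_ts(e) - _ts(origin)).total_seconds() // 60),
                })
                break  # one alert per session is enough
    return alerts

def sessions_to_revoke(events, user):
    """Flagged sessions for `user`. A password reset alone does not invalidate
    these, so the response must revoke the sessions themselves."""
    return sorted({a["session"] for a in find_session_replays(events) if a["user"] == user})
```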
Phishing is one of the oldest scams on the Internet, but Push Security notes that the pivot to LinkedIn signals a broader change where email is no longer the only avenue of attack:
“Phishing doesn’t just happen in email anymore,” said Jacques Louw, Chief Product Officer at Push Security. “Over the past month, about 34% of the phishing attempts we tracked came through places like LinkedIn and other non-email channels – up from less than 10% three months ago. Attackers are learning where people are actually communicating and how to effectively target them – and defenders need to keep up.”
We’d also argue that this has to do with the fact that email security has improved over the years, making it incredibly difficult for phishing messages to reach people’s inboxes.
Via Bleeping Computer