Cybersecurity researchers have pointed out phishing attacks tricking users with “LinkedIn Private Shared Document”. Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details or other sensitive details, by impersonating oneself as a trustworthy entity in a digital communication. Day by day these phishing attacks are increasing at a rapid pace with phishers launching new and advanced phishing tactics.
In the reported phishing attack, at first a phishing message is delivered to the user via LinkedIn’s internal messaging system. The message appears to be sent by one of the victim’s contacts and urges the recipient to follow a third-party link to view a document. The link actually leads to a fake LinkedIn page where users are asked to fill in their login credentials along with personal details. If the recipients enter their login credentials, their account soon sends out phishing messages to their contacts.
Though the phishers are indiscriminate in who they target, however compromising high-value targets might allow them to more successfully target a greater number of LinkedIn contacts or pivot into stealing even more critical credentials.