LinkedIn, one of the biggest professional networking and personal branding platforms, has once again become the center of attention. And this time, the reason is phishing attacks!

Hackers are strategically using LinkedIn Smart Links in phishing attacks with the sole purpose of stealing Microsoft account credentials.

Cybersecurity experts discovered that this phishing campaign, which ran between July and August 2023, targeted the construction, manufacturing, financial, healthcare and energy sectors.

Surprisingly enough, this is not the first time that LinkedIn Smart Links have been targeted by hackers. A similar incident took place back in 2022, when Slovakian LinkedIn users were targeted. The phishing actors at that time tried to pose as the Slovakian Postal Service and managed to convince the users to pay shipping charges.

 

What are LinkedIn Slinks?

Introduced back in 2016, Slinks or LinkedIn Smart Links are an integral part of the app’s Sales Navigator feature. These Smart Links support lead generation and improve sales by providing a simplified marketing and tracking system.

A business account user can easily share marketing content via email and track who engages with it. A typical Slink consists of the LinkedIn domain followed by an 8-character code parameter.

 

LinkedIn Slink Phishing Scam Leverages Authentic Appearance

When a user clicks on the malicious Slink, they will be redirected to an almost-legitimate-looking clone page. This, in reality, is a phishing kit that collects all the sensitive data of the user.

 

[Image: LinkedIn phishing scams most clicked with a 47% open rate. Image sourced from locksandsecuritynews.com]

 

The trustworthy LinkedIn domain present in the malicious Slink further builds credibility among unsuspecting users.

Ultimately, the user goes on to type in their password and BOOM, their Microsoft account and other sensitive details get compromised.
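Because a Slink really does sit on the LinkedIn domain, a mail filter that trusts the host will pass it; the link has to be treated as a redirector whose destination is unknown. The following is an added example, not from the original article, that picks Smart Links out of a message body and separates them from lookalike hosts. The `/slink` path, the `code` parameter name and the allowed code characters are assumptions about the URL layout, and the sample message is constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed Smart Link layout: https://www.linkedin.com/slink?code=<8 chars>
SLINK_HOSTS = {"linkedin.com", "www.linkedin.com"}
CODE_RE = re.compile(r"[A-Za-z0-9_-]{8}")  # assumed character set
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def classify_url(url):
    """Return 'smart_link', 'lookalike', 'linkedin_other' or 'other'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host not in SLINK_HOSTS:
        # e.g. linkedin.com.example.net only *contains* the trusted name
        return "lookalike" if "linkedin" in host else "other"
    if parts.path.rstrip("/") != "/slink":
        return "linkedin_other"
    codes = parse_qs(parts.query).get("code", [])
    if len(codes) == 1 and CODE_RE.fullmatch(codes[0]):
        return "smart_link"
    return "linkedin_other"


def triage(body):
    """Map each URL found in a message body to its classification."""
    return {u: classify_url(u) for u in URL_RE.findall(body)}


# Constructed sample message; hosts and codes are made up.
SAMPLE = """Your document is ready for review:
https://www.linkedin.com/slink?code=aB3_x-9Z
Profile: https://www.linkedin.com/in/someone
Mirror: https://linkedin.com.example.net/slink?code=aB3_x-9Z
"""

if __name__ == "__main__":
    for url, verdict in triage(SAMPLE).items():
        # 'smart_link' means "destination unknown": hold the mail or send the
        # URL to a sandbox; the LinkedIn host says nothing about the target.
        print(f"{verdict:15} {url}")
```
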

 

What to Do If You Have Already Clicked on a Malicious Link?

The credibility of a LinkedIn domain and the “legitimate-looking” interface of the phishing page can easily lure you to click on a malicious link.

In that case, here are a few things that you must do immediately!

 

Avoid panicking and try to gain back control of the situation.

Panicking will only worsen the situation. Stay calm and composed. Think clearly about the next steps that can save you from any kind of fraud or scam. Remember, you cannot undo what has happened. So, it is better to focus on what can be done to prevent any severe repercussions.

 

Avoid any further interaction with the website.

Once you realize that you have clicked on a malicious link and your log-in credentials have been compromised, you must not interact further with the website. 

Don’t click on any link that may pop up on the screen. Avoid filling in any further details. Keep an eye out for any kind of automatic downloads, and cancel them as soon as possible!


Change all your login credentials and other important passwords.

The next thing that you must do is to alter all the important passwords. For instance, you should change the passwords for your banking app, social media profiles, and email IDs.

Make sure you create different passwords for different accounts.

 

Report the phishing incident to the cyber crime department

Get in touch with the cybersecurity department, local authorities, and other relevant platforms and keep them updated about the phishing scam. Follow their guidance and do not hesitate to take legal action against the threat actors.

 

Keep a close check on your financial accounts.

Keep an eye out for suspicious bank transactions. Check your balance at regular intervals. If you notice any transaction that you did not make yourself, inform your bank immediately. If needed, take the necessary steps to block your credit and debit cards.

 

Keep tracking any kind of suspicious activities such as fraud or identity theft.

Monitor your credit reports and financial accounts closely. In case you notice any unusual activity or fraudulent messages, inform the relevant authorities.

Generally, you should sign up for identity theft protection services as they keep you updated about any suspicious activities and security breaches.

 

 

It is true that digitization has brought a paradigm shift in the business arena. However, hackers and phishing experts have found multiple security loopholes that they can use to make their way to your sensitive information.

The only key is to stay vigilant and well-informed about the phishing and security trends in your industry. This includes staying up-to-date with the latest phishing protection strategies, participating in phishing awareness training, and ensuring you’re well-equipped to handle any potential threats.