
Warning: New scam targeting 1.2 billion LinkedIn accounts

  • 24 hours ago
  • 2 min read

With a massive user base of 1.2 billion members, LinkedIn is not only the world's largest professional network but also a "gold mine" for cybercriminals. While its scale may be smaller compared to giants like Facebook or Instagram, the value of professional data and expert information hosted there is immense.

Recently, security experts issued a serious warning regarding a sophisticated attack campaign aimed at hijacking user accounts. If you or your business are using this platform, it is time to heighten your vigilance to protect yourselves.

Why is LinkedIn a prime target?

Research from the Cofense Phishing Defense Center indicates that LinkedIn is frequently targeted due to its unique nature. It is a hub for professional networking and business exchange, but users also tend to access this social network outside of working hours or on personal devices, which often fall outside the organization's rigorous security perimeters.

Exploiting this vulnerability, attackers have deployed phishing campaigns. These involve creating content that looks identical to the real thing to deceive users into providing their login credentials or clicking on malicious links.

LinkedIn has become a top target for hackers as it often sits outside of strict corporate security systems - Image source: BBC News

The "one-click" fraud tactic

The latest phishing campaign discovered utilizes a highly sophisticated operational method. Attackers send notification emails with interfaces that are nearly indistinguishable from official LinkedIn communications.

The most common content is the notification: "Someone sent you a message." This is a routine alert that any LinkedIn user receives regularly, which effectively lowers their defenses. According to experts, these emails are meticulously crafted, from fonts and logos to formatting and subject lines. Even the sender's display name is spoofed to appear completely legitimate.

Driven by curiosity or the urge to check on work-related matters, users may click the link in the email. They are immediately redirected to a fake login page; if they enter their credentials, their account is instantly hijacked.

Phishing tactics via email can lead to immediate account takeover - Image source: Forbes

Red flags to watch for

No matter how sophisticated they are, these attacks often leave behind "red flags." In this campaign, the "bait" is often a message from an individual claiming to be an employee of a reputable company, proposing a promising business collaboration.

The key indicator is that the perpetrator always demands that you "contact them urgently to discuss." Creating a sense of urgency is a classic psychological tactic used by cybercriminals. In the face of such pressing requests, both Google and the FBI advise: slow down and verify information thoroughly before taking any action.
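The red flags described above (a spoofed display name, a link that leads away from LinkedIn, and urgent wording) can be checked mechanically. The following is an added example, not code from the original article or from LinkedIn; the trusted-domain list, the urgency word list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains treated as genuine for this illustration.
TRUSTED_DOMAINS = ("linkedin.com",)
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|as soon as possible|right away)\b", re.I)
HREF = re.compile(r'href=["\'](https?://[^"\']+)["\']', re.I)

def _trusted(host):
    # Exact match or a true subdomain; "evil-linkedin.com" does not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def red_flags(raw_email):
    """Return a list of red-flag descriptions found in a raw email message."""
    msg = message_from_string(raw_email)
    flags = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if "linkedin" in display.lower() and not _trusted(sender_domain):
        flags.append(f"display name '{display}' but sender domain is '{sender_domain}'")
    # Collect every text part so multipart messages are covered too.
    body = "".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text")
    for url in HREF.findall(body):
        host = urlparse(url).hostname
        if not _trusted(host):
            flags.append(f"link points to '{host}'")
    if URGENCY.search(body):
        flags.append("urgency wording in body")
    return flags

# Constructed sample message (not a captured email from the campaign).
SAMPLE = """\
From: "LinkedIn" <notifications@linkedin-mail.example>
To: user@example.org
Subject: Someone sent you a message
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Someone sent you a message. Please contact me urgently to discuss.</p>
<a href="https://login.linkedin-mail.example/session">View message</a>
"""

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print(flag)
```

A message that raises none of these flags is not thereby proven genuine; the check only automates the manual verification the article recommends.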

How to protect your account against threats

While waiting for more comprehensive technical solutions and responses from LinkedIn, users should proactively leverage the security tools available on the platform. LinkedIn currently offers several highly useful optional features:

  • Malicious message alerts: The system automatically identifies and issues a warning if it detects unusual signs.

  • Scam detection features: Helps filter out suspicious content before it reaches you.

In the digital age, personal information and professional accounts are valuable assets. Keeping a cool head, not rushing into "urgent" notifications, and always verifying the source of an email is the best way to ensure you do not become the next victim of cross-border phishing campaigns.

Reference: Forbes


IPSIP VIETNAM ONE MEMBER LIMITED LIABILITY COMPANY (IPSIP VIETNAM OMLLC)

Tax code: 0313859600

🏢 SH05.01, B4 Street, Saritown Area, An Khanh Ward, Ho Chi Minh City, Vietnam
