CLIFTON, N.J.–Cybercriminals were stopped before they successfully penetrated a platform popular with many credit union executives: LinkedIn.
According to Comodo Threat Research Lab, it was able to thwart an attack aimed at LinkedIn users that sought to use spearphishing as a means of obtaining access to users’ data.
“This attack demonstrates how sharply cybercriminals raise the complexity of their attacks. For example, this attack merged cyber technologies and manipulative psychology,” said Fatih Orhan, head of the Comodo Threat Research Lab, in a released statement. “This trend will definitely increase, making the landscape of online security increasingly dangerous. The cybersecurity community must be prepared for attacks such as these.”
Comodo Threat Research Lab discovered the latest attack was from two IPs, one in British Columbia the other in Thailand.
There were 14 emails sent from the email address admin@besama.ga (inactive domain) with each email addressed to a different user during January. The email imitated a standard LinkedIn message that a user receives when another user wants to connect, according to Comodo.
While it did resemble a LinkedIn message, there were inconsistencies, noted Comodo, including errors in the email addresses that indicated they were not LinkedIn addresses.
However, many LinkedIn users could have fallen for the phishing attempt, with Comodo noting it
also had the LinkedIn logo and familiar design, including the “View profile” and “Accept” option.
Once the user clicked an option – they were then redirected to the page that looked like the official LinkedIn sign in page, putting the user one-click away from a new perspective contact on LinkedIn, Comodo reported.
“The link led to a page similar the official LinkedIn URL, but instead, it was a phishing site created by cybercriminals to steal LinkedIn user credentials,” the company said. “If users submitted their login and password, the credentials went right into the wrong hands.”
Why LinkedIn? According to Comodo,“Cybercriminals hunt for credentials because it is a powerful springboard for further malicious activity. They can use account information to support a multitude of criminal activities, including fraud, identity theft, even terrorism propaganda. Cybercriminals also try to use stolen credentials to break into other accounts, including online banking. They know most people use the same password for different accounts and obtain additional private information about users to aid in future spear-phishing or social engineering attack.
LinkedIn is a major interest for cybercriminals because it’s the place of vibrant business activity. A huge number of potential targets can be found on LinkedIn, such as high-ranking C-level employees at leading companies.”
LinkedIn users, said Comodo, should watch for warning signs, including when the real LinkedIn page does not populate after putting in credentials.