How to Recognize and Prevent Common LinkedIn Phishing Emails

Recently, we've been getting news of new LinkedIn-related phishing attacks. According to the news, the hackers use an assortment of schemes to pressure their targets into visiting web pages laced with malware. At their core, these attacks rely on notifications, messages, and pages that present a seemingly credible fake of a legitimate website in order to trick users.

It seems that, instead of sending in-service messages, the criminals have appropriated the authentic text and visuals used by LinkedIn and created seemingly identical emails. Inside, they embedded malware hyperlinks to infect their victims. The fake emails were then sent to the targets using different domains. One of the most commonly used sender addresses is admin@besama.ga, which is currently disabled.

Currently, there is no available data on how the hackers behind the phishing emails have managed to get their hands on the email addresses of the victims. One theory is that this is done via information gathered from browser hijackers and malware websites. These hijackers and websites are produced in large numbers and form a huge network. One of the more curious pieces of information we have is that the attackers use a gimmick that attempts to hide their digital fingerprints: timed malware links that can expire once they have been clicked on. The criminals also use various legitimate websites in signatures and other accompanying materials in the emails. This composite tactic can be used to circumvent spam filters and security measures.

If the victims interact with the hyperlink in any way, they will see a counterfeit LinkedIn login page. Should they enter their user credentials, those credentials will be immediately surrendered to the attackers. This is not the only thing that can happen to the targets, though. Such behavior can also be linked to the following cases:

Malware Delivery
Some phishing emails don't want your user credentials. Instead, they want to infect you with ransomware, trojans, or other types of malware.

Browser Hijackers
In other cases, the attackers may utilize fraudulent tactics to send a fake LinkedIn extension to you, as well as other types of browser hijackers. These hijackers look like useful add-ons, but don't be fooled. If they are installed, they will change the default settings (your home page, new tab page, and your search engine) to ones that belong to the attackers. They'll also install some malware on your device designed to collect data on you.

Malware Scripts
The hackers can also embed assorted scripts that will harass you with an endless supply of pop-ups, banners, and other unwanted content.

Details about the new LinkedIn Phishing Email scam

The new LinkedIn phishing scam apparently takes advantage of a social engineering tactic. The attackers send out personalized email messages containing the victim's user credentials and email address. Your personal info is stolen by the infection engine, which automatically visits your profiles and hijacks the requested information. That data is then fed into the email generation module, which creates the messages.

If you receive such an email and interact with the fake sites, you will be redirected to a fake login page asking for your user data. DO NOT ENTER IT, or the hackers will automatically get your user credentials and use them for ID theft and some other nasty things. Alternatively, they can auction off your information to interested parties, or just try to straight up blackmail you.
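The emails described above carry LinkedIn's branding but come from an unrelated sender domain and link to a login page that is not on linkedin.com. The following is an added example, not part of the original article, of a check for exactly that mismatch; the trusted-domain list, the function names and the sample message (apart from the sender address quoted in the article) are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "linkedin"
TRUSTED = ("linkedin.com",)  # assumption: domains accepted as genuine LinkedIn

def on_trusted_domain(host):
    """True only for a trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkHosts(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []  # hostname of every absolute <a href> in the body
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        host = urlsplit(href).hostname if tag == "a" and href else None
        if host:
            self.hosts.append(host)

def check_message(raw):
    """Return findings for a message that presents itself as LinkedIn."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()  # assumption: single-part HTML message
    if BRAND not in display.lower() and BRAND not in body.lower():
        return []  # does not claim the brand, nothing to compare against
    findings = []
    sender_domain = addr.rpartition("@")[2].lower()
    if not on_trusted_domain(sender_domain):
        findings.append(f"sender domain {sender_domain} is not LinkedIn's")
    parser = LinkHosts()
    parser.feed(body)
    # Legitimate links elsewhere in the mail do not cancel an off-domain one.
    findings += [f"link leaves LinkedIn: {h}" for h in parser.hosts
                 if not on_trusted_domain(h)]
    return findings

# Constructed sample: sender address from the article, link host invented.
SAMPLE = """From: LinkedIn <admin@besama.ga>
Content-Type: text/html

<p>LinkedIn: you have unread messages.</p>
<a href="https://login.example.net/linkedin/signin">View messages</a>
<a href="https://www.linkedin.com/help">Help Center</a>
"""
```

Calling `check_message(SAMPLE)` reports both the sender domain and the off-domain sign-in link, while the genuine Help Center link is not flagged.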

June 20, 2019
