LinkedIn Users Warned of Phishing Scam Stealing Work Passwords

A new phishing scam on LinkedIn is targeting professionals worldwide, posing as exclusive executive board invitations in order to steal their work passwords.

Cybersecurity researchers have warned users that this attack aims to capture corporate login credentials, especially Microsoft 365 and Google Workspace passwords.

The scam begins when users receive a message on LinkedIn inviting them to join a fake organisation or executive board.

This board can be anything, such as the “Executive Board of the Commonwealth Investment Fund.” 

The message appears legitimate, using professional language and even branding to gain the user’s trust.

Once the victim clicks on the link provided, they are redirected through several pages, and then they eventually land on a fake Microsoft login page. When users enter their credentials, the information is instantly sent to the cyber attackers.

Experts from Push Security have also revealed that the attackers are using advanced methods to avoid detection, including CAPTCHA tools like Cloudflare Turnstile. All of this helps make the phishing sites appear genuine.

In addition to stealing workplace passwords, the attackers are also capturing session cookies. This means they can stay logged in to victims' accounts even if users change their passwords later, making the attack even more dangerous.

Once the attackers gain access to corporate accounts, they can potentially reach all kinds of sensitive data, including internal emails and various company systems. This can lead to data breaches, identity theft, and other security risks.
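Because a stolen session cookie can outlive a password change, defenders can look for that pattern in sign-in logs. The following is an added example, not from the original article or from Push Security: it flags a session that is reused from a new IP address or is still in use after the account's password was changed. The event fields and the sample events are constructed assumptions, not a real log format.

```python
from datetime import datetime

# Constructed sample events (not real logs); field names are assumptions.
EVENTS = [
    {"time": "2025-01-10T09:00:00", "user": "alice", "type": "signin",
     "session": "s1", "ip": "198.51.100.7"},
    {"time": "2025-01-10T09:20:00", "user": "alice", "type": "token_use",
     "session": "s1", "ip": "203.0.113.50"},   # same cookie, different network
    {"time": "2025-01-10T10:00:00", "user": "alice", "type": "password_change",
     "session": "s1", "ip": "198.51.100.7"},
    {"time": "2025-01-10T10:30:00", "user": "alice", "type": "token_use",
     "session": "s1", "ip": "203.0.113.50"},   # old cookie survives the reset
    {"time": "2025-01-10T10:35:00", "user": "alice", "type": "signin",
     "session": "s2", "ip": "198.51.100.7"},
]


def find_suspect_sessions(events):
    """Flag sessions reused from a new IP or still active after a password change."""
    issued, ips, last_change, alerts = {}, {}, {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["type"] == "password_change":
            last_change[ev["user"]] = when
            continue
        key = (ev["user"], ev["session"])
        issued.setdefault(key, when)          # first sighting = issue time
        seen = ips.setdefault(key, set())
        new_ip = bool(seen) and ev["ip"] not in seen
        seen.add(ev["ip"])
        changed = last_change.get(ev["user"])
        if changed is not None and issued[key] < changed:
            reason = "session predates password change"
        elif new_ip:
            reason = "session used from new IP"
        else:
            continue
        alerts.append({"user": ev["user"], "session": ev["session"],
                       "ip": ev["ip"], "time": ev["time"], "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in find_suspect_sessions(EVENTS):
        print(alert)
```

An alert with the reason "session predates password change" means the reset alone did not end the session, so active sessions for the account should be revoked as part of the reset.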

Users are strongly advised to be cautious about fake LinkedIn messages, especially those that promise exclusive opportunities or require logging in through external links.
