Cyber attacks use LinkedIn to target companies and employees

A lot of ‘recruitment’ messages I get through LinkedIn look like phishing attempts, but maybe that’s just me being cynical. LinkedIn can be very useful for keeping up with current and past contacts and for research but it’s a double-edged sword as it’s an OpSec liability..:

[…] The attacks, which ESET researchers have called Operation In(ter)ception, took place from September to December 2019 and are notable for using LinkedIn-based spearphishing.

According to ESET, the attackers employ effective tricks to stay under the radar and supposedly have financial gain, in addition to espionage, as a goal.

The LinkedIn message describes a believable job offer, seemingly from a well-known company in a relevant sector. Files were sent directly via LinkedIn messaging, or via email containing a OneDrive link.

For the latter option, the attackers created email accounts corresponding with their fake LinkedIn personas.


Original article here