A new phishing campaign on LinkedIn is targeting finance executives to steal their Microsoft login credentials. Unlike traditional email-based attacks, cybercriminals are using direct messages on the professional networking platform to deceive high-value individuals with a more sophisticated approach.
The campaign was discovered by cybersecurity firm Push Security, which recently detected and blocked what it described as a high-risk phishing attempt on LinkedIn.
How the scam works
According to Push Security, the attackers begin by sending a direct message to potential victims from what appears to be a genuine LinkedIn profile. The message invites the recipient to join the executive board of a newly formed “Commonwealth” investment fund.
“I’m excited to extend an exclusive invitation for you to join the Executive Board of the Commonwealth investment fund in South America in partnership with AMCO – Our Asset Management branch, a bold new venture capital fund launching an Investment Fund in South America,” the fake message reads.
The offer appears professional and prestigious, designed to appeal to finance leaders who may see it as a valuable career opportunity. However, the real attack begins when the target clicks on the document link provided in the message, supposedly to review details about the position.
Clicking the link initiates a series of redirects — first through Google Search, then to an attacker-controlled website, and finally to a landing page hosted on firebasestorage.googleapis[.]com. Once there, users are prompted to open a document “with Microsoft”.
Victims are then directed to a convincing fake Microsoft login page created using adversary-in-the-middle (AiTM) phishing techniques. This page perfectly imitates the official Microsoft interface. When the user enters their credentials and completes the sign-in, their details are captured and stolen by the attackers.
The sophisticated use of LinkedIn’s messaging platform and AiTM phishing methods makes this campaign particularly dangerous, as it bypasses traditional email-based security filters. Cybersecurity experts advise users to verify all unsolicited invitations, avoid clicking unfamiliar links, and enable multi-factor authentication to protect their accounts.
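The redirect chain described above (Google Search, then an intermediate site, then a page on firebasestorage.googleapis[.]com) can be hunted for in web proxy logs. The sketch below is an added example, not code from Push Security or from this article; the log tuple layout, the 30-second window, matching the Google hop by hostname only, and every sample URL are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Hosting domain named in the article (defanged there as firebasestorage.googleapis[.]com).
LANDING_HOST = "firebasestorage.googleapis.com"
# Assumption: the "Google Search" hop is recognised by hostname only.
GOOGLE_HOSTS = {"google.com", "www.google.com"}
# Assumption: automated redirects complete within this many seconds.
WINDOW_SECONDS = 30

def host(url):
    return (urlsplit(url).hostname or "").lower()

def flag_chains(events, window=WINDOW_SECONDS):
    """events: (epoch_seconds, user, url) tuples sorted by time.
    Returns (user, [urls]) for each Google -> other host(s) -> Firebase Storage
    sequence that one user completed inside the window."""
    open_chains = {}  # user -> (start_ts, [urls seen since the Google hop])
    hits = []
    for ts, user, url in events:
        h = host(url)
        chain = open_chains.get(user)
        if chain and ts - chain[0] > window:
            del open_chains[user]          # too slow to be a redirect chain
            chain = None
        if h in GOOGLE_HOSTS:
            open_chains[user] = (ts, [url])
        elif chain is None:
            continue
        elif h == LANDING_HOST:
            # Require at least one intermediate hop, as in the reported chain.
            if len(chain[1]) >= 2:
                hits.append((user, chain[1] + [url]))
            del open_chains[user]
        else:
            chain[1].append(url)
    return hits

# Constructed sample proxy events (not real traffic).
SAMPLE = [
    (1000, "alice", "https://www.google.com/url?q=https://redirector.example.test/doc"),
    (1001, "alice", "https://redirector.example.test/doc"),
    (1003, "alice", "https://firebasestorage.googleapis.com/v0/b/constructed-bucket/o/index.html"),
    (1010, "bob", "https://www.google.com/search?q=firebase+docs"),
    (1200, "bob", "https://firebasestorage.googleapis.com/v0/b/constructed-bucket/o/app.png"),
    (1300, "carol", "https://firebasestorage.googleapis.com/v0/b/constructed-bucket/o/app.png"),
]

if __name__ == "__main__":
    for user, urls in flag_chains(SAMPLE):
        print(user, " -> ".join(host(u) for u in urls))
```

Firebase Storage also serves legitimate applications, so a hit is a triage lead to correlate with a subsequent Microsoft sign-in for the same user, not a verdict on its own.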



