How cybercriminals are using LinkedIn to steal Microsoft credentials
As with any scam, in person or online, the attacker's primary goal is to make it look as authentic as possible, so that the victim is more likely to fall for it. Attackers use many different tactics to achieve this, from fraudulent websites to convincing phishing campaigns. Some use social media accounts that look entirely real, with genuine-looking photos and followers. Unfortunately, with attackers constantly refining their methods, the vast resources available online and the use of AI, it is becoming increasingly difficult to spot a scam.
In this post, we'll examine a multi-stage phishing scam. Rather than simply pointing the target at a malicious link or attachment, the attacker uses several channels in turn, each one lending the next a little more credibility.
We've recently seen reports of a scam that uses this multi-step approach, starting with a LinkedIn account takeover and ending with compromised Microsoft 365 credentials. Here's how it works:
Step 1 - Account takeover
The initial stage entails taking over genuine LinkedIn accounts rather than creating fake ones. Because nothing visible on the profile changes, there is no obvious indication that an attacker now controls it, which makes the compromise difficult to identify. The attacker then uses the hijacked account to message that user's LinkedIn connections, who are, of course, unaware of the situation.
This first step boosts the authenticity of the request, as the message is coming from a legitimate connection and not an unknown sender.
Step 2 - Phishing via LinkedIn
The second step of the attack involves the attacker using the compromised account to send phishing messages to its connections. In the reported example, the message tells the unsuspecting connection that the sender is working on a confidential project and thinks the recipient's skills could be useful as part of it.
Step 3 - A legitimate landing page
This is where the attempt adds another layer of 'trust' for the recipient. The recipient is directed to a genuine OneDrive landing page, hosted on Microsoft's own infrastructure, where they are prompted to click a further link to download the project details.
Step 4 - Malicious landing page
After following that second link, the user is redirected to a fake verification prompt, which in turn sends them to a fake OneDrive sign-in page that asks for their Microsoft 365 credentials. The genuine OneDrive page in the previous step is what makes this fake one believable.
Step 5 - Account compromise
When the user enters their login details, the attacker captures them and gains access to the account. This can have serious consequences: once an attacker holds valid credentials for one employee, they can potentially move further into the company's environment, compromising further accounts or, in the worst case, the wider network.
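The weak point in steps 3 and 4 is that the page asking for Microsoft 365 credentials is not on a Microsoft host, even though the chain started on a genuine OneDrive page. The following Python is an added example (not code from the original post or from the campaign it describes) that vets each hop of a link chain of that shape and reports the hops where a credential prompt sits off-domain, or where the URL uses the usual lookalike tricks. The chain, the allowlist of Microsoft sign-in hosts and the helper names are assumptions made for the example.

```python
"""Vet the hops of a constructed link chain: a genuine OneDrive share page,
a 'verification' page, then a page that asks for Microsoft 365 credentials.
Added example; the URLs below are constructed, not taken from the campaign."""
from urllib.parse import urlsplit

# Hosts on which a real Microsoft 365 sign-in page can live.
# Assumption: an allowlist the defender maintains; extend it as needed.
MICROSOFT_LOGIN_HOSTS = (
    "login.microsoftonline.com",
    "login.live.com",
    "login.microsoft.com",
)


def host_matches(host, allowed):
    """True only if host is exactly an allowed domain or a subdomain of it.
    Plain substring or prefix tests are exactly what lookalike hosts such as
    login.microsoftonline.com.evil.example are built to defeat."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def hop_findings(url, asks_for_credentials):
    """Return a list of reasons this hop is suspicious (empty = no finding)."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # urlsplit lowercases this and drops any port
    findings = []
    if parts.scheme != "https":
        findings.append("not https")
    if "@" in parts.netloc:
        # https://login.microsoftonline.com@evil.example/ really goes to evil.example
        findings.append("userinfo in URL (text before '@' is not the host)")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label (possible homoglyph domain)")
    if asks_for_credentials and not host_matches(host, MICROSOFT_LOGIN_HOSTS):
        findings.append(f"credential prompt on non-Microsoft host {host!r}")
    return findings


def vet_chain(chain):
    """chain: list of (url, asks_for_credentials) in the order the user sees them.
    Returns {hop_index: findings} for every hop with at least one finding."""
    report = {}
    for i, (url, asks) in enumerate(chain):
        findings = hop_findings(url, asks)
        if findings:
            report[i] = findings
    return report


# Constructed chain mirroring steps 3 and 4 above (hypothetical URLs).
CONSTRUCTED_CHAIN = [
    # hop 0: genuine OneDrive share page, the 'trust' layer; no credentials asked
    ("https://onedrive.live.com/?id=ABC123", False),
    # hop 1: fake 'verification' prompt on the attacker's host
    ("https://project-verify.example/check", False),
    # hop 2: fake OneDrive sign-in page on a lookalike subdomain
    ("https://login.microsoftonline.com.project-verify.example/login", True),
]

if __name__ == "__main__":
    for hop, findings in sorted(vet_chain(CONSTRUCTED_CHAIN).items()):
        print(f"hop {hop}: {'; '.join(findings)}")
```

Hop 0 passes, because the genuine OneDrive page really is on a Microsoft host; only the final hop, where credentials are requested, is flagged. That is the check to apply in the moment: not "did this start somewhere trustworthy" but "where am I when I am asked to sign in".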
How can employees protect themselves?
Employees should be sceptical of any request to download an attachment or click a link. It is highly recommended that they verify the request before taking any action, even when it appears to come from a trusted colleague or connection. It takes only a few seconds to call the sender and confirm that the request is genuine.
Legitimate requests and messages are common, but it is better to be safe than sorry when dealing with such communications. Here are some steps that your customers can take to avoid engaging with fraudulent messages.
- Always verify communications before engaging:
- Ask the sender for their phone number to discuss the opportunity.
- Ask them to copy and paste the details into the message instead of sending an attachment or link, citing security reasons.
- If you already know the contact, email or phone them separately, using details you already hold rather than any supplied in the message, to check that they sent it.
- If still unsure, hold off and do not engage at all until the communication has been verified.
- Ensure that antivirus, antimalware and firewalls are in place and up to date.
- Ensure that regular cyber security training is conducted throughout the business so that all employees are vigilant both inside and outside of work.
- Ensure that two-step verification (multi-factor authentication) is in place across all applications and that strong, unique passwords are used across all accounts. The worst case is an attacker capturing a password that is reused widely, as this opens the door to many other accounts.
- Ensure that the business is regularly scanned for breaches, vulnerabilities and other risks. Although this does not prevent a phishing attempt, strong security measures are crucial to limit how much damage an attacker can do if they do get into the network by tricking an employee.
We help businesses stay protected with ease using Breach Defence, our all-in-one cyber risk monitoring tool for businesses. Designed with SMEs in mind, Breach Defence combines passive scans, employee education, dark web monitoring and phishing simulation to prepare businesses and staff, helping them avoid cyberattacks. Find out more