LinkedIn Phishing Message
With European Cyber Security Month concluding earlier this week and ‘awareness’ being the keyword, I thought it would be worthwhile sharing a recent LinkedIn phishing message I had received.
What is phishing?
Phishing is a type of scam where criminals attempt to gain personal or sensitive information by appearing to be from a legitimate company or contact. Historically, phishing was associated with (or at least most common in) email, but it can also arrive via social networks, SMS and other messaging platforms.
Social engineering is used to create a message that tricks the recipient into believing it comes from a genuine sender, and then guides them to access an external website, fill in a form or download a malicious attachment.
With this type of attack becoming more and more common, raising awareness is vital in ensuring you are not the next victim. Let’s take a closer look at the tactics being used in this case…
I received a LinkedIn message from an existing connection who used to supply services to Frontline. The message was worded as a marketing email and introduced a new service that was on offer. Along with a text description, a link to Google Drive was provided for more information. This is where my story stops, as I did not click on the Google Drive link. However, from other accounts of similar attacks, the link would have either taken you to Google Drive with a further link to a malicious website, or requested you input your Google user name, email address or password in order to access the document.
So why didn’t I click on the link? Well, on first inspection it looked legitimate: it was from someone I knew, the company logo was visible in a preview of the document, and I had been sent links to documents stored elsewhere in the past. However, there were some alarm bells ringing:
- Time: the message was sent at 5:34am – whilst my contact was a hard worker, a pre-6am sales pitch seemed a bit much!
- Last Contact: I hadn’t recently been in contact with the sender and this message implied it was following up from a recent conversation
- Wording: the message appeared to be in a relatively formal tone which wasn’t the relationship I had with my connection
At this stage, I gave my contact a call to see if this message was from them and, before I got through, was advised by the receptionist that if I was calling about a LinkedIn message, I should ignore it as the account had been compromised.
With my suspicions confirmed, I replied to the message on LinkedIn out of curiosity along the lines of ‘Hi, thanks for the message. Just to double check, is this actually you or am I about to download a virus to my computer?!’. Within 2 minutes I got a reply back saying ‘Yes, it is me!’.
This is just one example of how cyber criminals are adapting their approaches to target not only the IT environment but also the individual. You can find out more by downloading our whitepaper – ‘Cyber Security: The Growing Problem Inside Your Business’.
If you have any questions about this blog or cyber security in general, then get in contact with a member of the team.