Huge Data Breach from LinkedIn Phishing for Job-cravers!!!

The fraudsters are spoofing LinkedIn accounts to target 'Open to Work' job hunters, who are also being preyed on by huge data-cringing bot attacks. With the latest pandemic situation, job seekers who are emotionally vulnerable and willing to share their information, are prime targets for social engineering campaigns. Cybercriminals got easy access to those gigs with 'Great Resignation' in full swing. According to recent research,phishing email attacks imitating LinkedIn hiked around 230 percent, attempting to trick job seekers into giving up their credentials. These attacks lead by flattering them into believing their profile is being viewed and their experience is relevant to said company.

The emails had subject lines that would be luring to job seekers hoping to get noticed, like:

• "Who's searching for you online,"
• "You appeared in 4 searches this week" or
• "You have 1 new message,"

Source:Egress

The phishing emails themselves were convincing traps, built-in HTML templates with the LinkedIn logo, colors, and icons. The scammers also name-checked well-known companies throughout the bodies of the phishing emails, including American Express, to make the correspondence seem more authentic. Even the email footer replicates the original address of headquarters and unsubscribes options.

Once the user clicks on the malicious links in the email, they were directed to a site to input their LinkedIn logins and passwords. The display name and the emails will follow the similar pattern of LinkedIn and the different web mails addresses they use have zero correlation with each other.

LinkedIn has suggested all their account holders turn on two-factor authentication and also report suspicious messages and help them learn more about what they can do to protect themselves.

Besides using potential job leads to trapping users into coughing up their credentials, also there were pieces of evidence of 400 million bot requests over 400,000 unique IP addresses within 3-4 days to extract data of job seekers. According to recent research, it was discovered to have collected at least 1.2 billion user records that were later sold on underground forums.After such an incident LinkedIn warns its users not to expose information publicly and how it could be used to trick them into clicking on a malicious link.