LinkedIn ‘Dream Job’ Scam Targets Professionals
Unlike traditional phishing, attackers are now sending messages directly on LinkedIn instead of email.
Finance leaders and executives are primary targets due to their access to sensitive company accounts and data.
Scam Appears Highly Professional
The scam message mimics a legitimate LinkedIn profile, making it appear trustworthy.
Victims are invited to join the Executive Board of a supposed “Commonwealth” investment fund.
The language used is formal and exciting, designed to create a sense of prestige and career opportunity.
Fake Job Links and Redirects
Messages contain links to documents or proposals that the victim is asked to review.
Clicking the link triggers a series of redirects:
First, a Google Search link.
Then, a website controlled by the attacker.
Finally, a page hosted on Firebase Storage (firebasestorage.googleapis[.]com).
The final page appears normal, but asks for Microsoft login credentials.
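The redirect chain above is something a defender can hunt for in web-proxy logs. The following is an added example, not code from the original article: it groups constructed proxy log lines by session, flags chains that go Google redirector -> non-Google host -> Firebase Storage, and flags any form POST from such a session that does not go to a Microsoft sign-in host. The session format, the placeholder hosts (proposal-review.example, collect.example, intranet.example) and the Microsoft host list are assumptions.

```python
from urllib.parse import urlparse

# Constructed proxy log, one "<session> <method> <url>" per line, in request order.
# Hosts other than www.google.com and firebasestorage.googleapis.com are placeholders.
SAMPLE_LOG = """\
s1 GET https://www.google.com/url?q=https://proposal-review.example/board-offer
s1 GET https://proposal-review.example/board-offer
s1 GET https://firebasestorage.googleapis.com/v0/b/docs-bkt/o/signin.html
s1 POST https://collect.example/auth
s2 GET https://www.google.com/url?q=https://intranet.example/wiki
s2 GET https://intranet.example/wiki
s3 GET https://firebasestorage.googleapis.com/v0/b/app-bkt/o/logo.png
"""

GOOGLE_REDIRECTOR = ("www.google.com", "/url")
FIREBASE_STORAGE_HOST = "firebasestorage.googleapis.com"
# Hosts that legitimately receive a Microsoft sign-in form (assumption: extend per tenant).
MICROSOFT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}

def parse_log(text):
    """Group requests by session, preserving order: {session: [(method, url), ...]}."""
    sessions = {}
    for line in text.splitlines():
        session, method, url = line.split()
        sessions.setdefault(session, []).append((method, url))
    return sessions

def chain_reasons(requests):
    """Return the reasons a session matches the lure pattern (empty list if it does not)."""
    gets = [urlparse(u) for m, u in requests if m == "GET"]
    reasons = []
    if not gets:
        return reasons
    first, last = gets[0], gets[-1]
    via_google = (first.hostname, first.path) == GOOGLE_REDIRECTOR
    # Intermediate hops on neither Google nor Firebase are the attacker-controlled site.
    hops = [p.hostname for p in gets[1:-1]
            if p.hostname not in (GOOGLE_REDIRECTOR[0], FIREBASE_STORAGE_HOST)]
    lands_on_firebase = last.hostname == FIREBASE_STORAGE_HOST
    if via_google and hops and lands_on_firebase:
        reasons.append(f"google-redirect -> {hops[0]} -> firebase storage")
    # A login form served from Firebase Storage should never post credentials elsewhere.
    if lands_on_firebase:
        for m, u in requests:
            host = urlparse(u).hostname
            if m == "POST" and host not in MICROSOFT_LOGIN_HOSTS:
                reasons.append(f"form POST to non-Microsoft host {host}")
    return reasons

def find_suspicious(log_text):
    """Map every session with at least one hit to its list of reasons."""
    return {s: r for s, reqs in parse_log(log_text).items() if (r := chain_reasons(reqs))}
```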
Microsoft Login Page Is Fake
The page is a convincing replica of the real Microsoft sign-in page.
Entering credentials gives attackers full access to the victim’s Microsoft account.
CAPTCHA and other tools are used to evade detection by security systems, making the scam harder to block.
Risks of Stolen Microsoft Accounts
Attackers can access emails, files, business tools, and other company apps linked through single sign-on.
This can lead to broader corporate security breaches, data leaks, or financial risks.
Safety Recommendations
Be cautious of job offers or links received through LinkedIn, even from seemingly legitimate profiles.
Verify the source of any job invitation before clicking links or entering credentials.
Organizations should educate employees on phishing tactics beyond email, including professional networking platforms.