LinkedIn Phishing Spoof Bypasses Google Workspace Security

We Keep you Connected

LinkedIn Phishing Spoof Bypasses Google Workspace Security

A phishing email purportedly from LinkedIn with the subject line “We noticed some unusual activity” was discovered targeting users at a travel organization, in an attempt to pilfer their credentials on the social-media platform.
The phishing campaign slipped past Google’s email security controls after cheating email authentication checks via SFP and DMARC, according to Armorblox, whose email security system at the victim organization found and stopped the attack pointed at some 500 user inboxes.
“The main call-to-action button (Secure my account) included within the email contains a bad URL and took victims to a fake landing page. This fake landing page … mimicked a legitimate LinkedIn sign in page that included LinkedIn logos, language, and illustrations that mirrored true LinkedIn branding,” Armorblox wrote in a post about the attack campaign.
Copyright © 2022 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG.

source

GET THE LATEST UPDATES, OFFERS, INFORMATION & MORE