Microsoft Two-Step Phishing Campaign Attack LinkedIn Users

The professional and personal online spheres are merging as social media platforms like Facebook, LinkedIn, and WhatsApp are now commonly used for work communication. Their integration creates cybersecurity vulnerabilities. 



Threat actors can target employees on social media using their accounts accessed from work devices.



These accounts act as attack vectors, allowing unauthorized access to the organization’s systems. 



A new LinkedIn threat combines breached users’ accounts and an evasive 2-step phishing attack.



A recent Python-based infostealer called Snake targets Facebook users with malicious messages.



By tricking users into downloading malware, Snake steals sensitive browsing data to hijack accounts. 



It highlights how social media is a potential attack vector for stealing credentials and compromising corporate systems. 



“Sales Proposal” Office Word document hosted on onedrive.live.com LinkedIn is a social media platform for professional networking that is vulnerable to attacks due to the abundance of publicly available user data. 



Attackers can harvest email addresses for surveys and use fake profiles to deliver malware through phishing attacks. Perception Point recently discovered a new attack that combines compromised user accounts with a 2-step phishing scheme to bypass detection. 






Document

@import url('https://fonts.googleapis.com/css2?family=Poppins&display=swap');
@import url('https://fonts.googleapis.com/css2?family=Poppins&family=Roboto&display=swap');
*{
margin: 0; padding: 0;
text-decoration: none;
}
.container{
font-family: roboto, sans-serif;
width: 90%;
border: 1px solid lightgrey;
padding: 20px;
background: linear-gradient(2deg,#E0EAF1 100%,#BBD2E0 100%);
margin: 20px auto ;
border-radius: 40px 10px;
box-shadow: 5px 5px 5px #e2ebff;
}
.container:hover{
box-shadow: 10px 10px 5px #e2ebff;

}
.container .title{
color: #015689;
font-size: 22px;
font-weight: bolder;
}
.container .title{
text-shadow: 1px 1px 1px lightgrey;
}
.container .title:after {
width: 50px;
height: 2px;
content: ' ';
position: absolute;
background-color: #015689;
margin: 20px 8px;
}
.container h2{
line-height: 40px;
margin: 2px 0;
font-weight: bolder;
}
.container a{

color: #170d51;
}
.container p{
font-size: 18px;
line-height: 30px;

}

.container button{
padding: 15px;
background-color: #4469f5;
border-radius: 10px;
border: none;
background-color: #00456e ;
font-size: 16px;
font-weight: bold;
margin-top: 5px;
}
.container button:hover{
box-shadow: 1px 1px 15px #015689;
transition: all 0.2S linear;

}
.container button a{
color: white;
}
hr{
/ display: none; /
}

Run Free Threat Scan on Your Mailbox to Stop Phishing


Protect Your Business Emails with AI-Powered Security
Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

Run Free Threat Scan

Compromised LinkedIn accounts had been exploited to launch social engineering attacks. The attackers sent messages to the victim’s network, pretending to be a trusted connection (1st degree). 



An example of a deceptive message from a compromised account The messages contain a malicious link disguised as a legitimate OneDrive document link, often using the lure of a confidential project to trick the victim into clicking it, leading to an account takeover. 



Attackers use a hidden JavaScript payload that shows fake protection DDoS display screen Phishing actors utilize a two-step attack. First, they trick victims into clicking a URL that leads to a legitimate OneDrive page hosting a malicious Word document. 



Free Webinar for DIFR/SOC Teams : Securing the Top 3 SME Cyber Attack Vectors - Register for Free



Second, the document embeds a URL redirecting victims through a fake Cloudflare verification prompt before landing on a phishing webpage designed to steal Microsoft 365 credentials. 



3rr0r Hun73r – the threat actor behind the phishing website The phishing page’s HTML code reveals it originates from a group called “3rr0r Hun73r” that creates and sells phishing kits. 



Social media’s popularity creates a vulnerability for enterprises where hackers exploit employees’ social media use within work browsers to steal personal and corporate data. 



Secure your emails in a heartbeat! Take our free 30-second assessment and get matched with your ideal email security vendor.
The post Microsoft Two-Step Phishing Campaign Attack LinkedIn Users appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform .