New phishing scam on LinkedIn is using fake board offers to steal credentials

A new phishing scheme on LinkedIn aims to compromise the Microsoft credentials of finance professionals. Unlike traditional phishing, the attack focuses on high-profile individuals, according to cybersecurity firm Push Security. The campaign was recently uncovered when Push Security detected and thwarted a significant phishing attempt on LinkedIn.

Victims are approached through direct messages from profiles that appear legitimate. The attackers extend invitations to join the executive board of a fictitious investment fund called "Commonwealth," claiming it is a partnership with AMCO, their asset management division. The fraudulent message reads, "I'm excited to extend an exclusive invitation for you to join the Executive Board of the Commonwealth investment fund in South America, a bold new venture capital fund launching an Investment Fund in South America." The offer leads targets to believe they are on the verge of a major career advancement.

The deception lies in the message's embedded link to a document that the victim is urged to review. Clicking the link initiates a series of redirects: first through Google Search, then to a site controlled by the attackers, and finally to a custom page hosted on firebasestorage.googleapis[.]com. There, the victim is prompted to access the document using Microsoft. This step leads to an adversary-in-the-middle (AiTM) phishing page that resembles the official Microsoft login screen. If victims enter their credentials on this page, the attackers capture them.

Push Security notes that the attackers employ standard bot protection measures like CAPTCHA and Cloudflare Turnstile to evade detection by security bots, making it more challenging for users to identify the fraudulent pages.

This evolution in phishing strategies signals a shift from email-based attacks to social media platforms, prompting organizations to remain vigilant against this new threat. The firm cautions that the implications of such attacks are significant, stating, "Just because the attack occurs on LinkedIn doesn't diminish its impact—these are corporate accounts being targeted, even if the application is ostensibly personal. Compromising essential identities like Microsoft or Google accounts can lead to widespread risks, affecting data integrity across both primary and ancillary applications accessed through single sign-on from the breached account."
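
The redirect chain described above (LinkedIn message, Google hop, attacker-controlled site, Firebase Storage landing page) can be hunted for in web proxy logs. The following is an added example, not code from Push Security or the article; the record format, the sample URLs and the reliance on Referer headers are assumptions, and only the landing host comes from the article.

```python
from urllib.parse import urlsplit

LANDING_HOST = "firebasestorage.googleapis.com"  # final host named in the article

# Constructed proxy records (user, url, referer); every URL here is a placeholder.
SAMPLE_LOG = [
    ("alice", "https://www.google.com/hop", "https://www.linkedin.com/messaging/"),
    ("alice", "https://redirector.example/doc", "https://www.google.com/hop"),
    ("alice", "https://firebasestorage.googleapis.com/page.html", "https://redirector.example/doc"),
    ("bob", "https://firebasestorage.googleapis.com/logo.png", "https://app.example/"),
    ("carol", "https://www.google.com/hop", "https://www.linkedin.com/feed/"),
    ("carol", "https://firebasestorage.googleapis.com/file.pdf", "https://www.google.com/hop"),
]

def host(url):
    return (urlsplit(url).hostname or "").lower()

def is_under(h, domain):
    return h == domain or h.endswith("." + domain)

def walk_back(url, referer_of):
    """Follow Referer links backwards; return hosts ordered origin -> landing."""
    chain, seen = [host(url)], {url}
    ref = referer_of.get(url, "")
    while ref:
        chain.append(host(ref))
        if ref in seen:  # guard against referer loops
            break
        seen.add(ref)
        ref = referer_of.get(ref, "")
    return chain[::-1]

def flag_chains(records):
    """Flag LinkedIn -> Google -> intermediate site -> Firebase Storage chains."""
    by_user = {}
    for user, url, referer in records:
        by_user.setdefault(user, {})[url] = referer
    hits = []
    for user, referer_of in by_user.items():
        for url in referer_of:
            if host(url) != LANDING_HOST:
                continue
            chain = walk_back(url, referer_of)
            google = [i for i, h in enumerate(chain) if is_under(h, "google.com")]
            # Require a non-Google hop between the Google redirect and the landing page.
            if is_under(chain[0], "linkedin.com") and google and google[-1] < len(chain) - 2:
                hits.append((user, chain))
    return hits
```

Referer headers are often stripped or truncated, so a match is a lead for review rather than a verdict, and a missing match does not rule the chain out.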

Sources: Mint

Published On : Nov 03, 2025, 17:00
