LinkedIn is being used by hackers to spread data stealing malware via sending connection requests in disguise of people working with reputed companies.
Researchers reportedly found that scammers are exploiting Microsoft-owned LinkedIn’s chat and job posting features to share links and files that are laced with stealer malware.
Since most LinkedIn users accept any and all connection requests they receive, scammers can easily make connections and build credibility on the platform, according to various reports.
After building credibility, the actors share malicious files and links, which are then opened by unsuspecting victims.
Once opened, a stealer malware is deployed on the victim’s system, from which it steals passwords, credit card information, and other sensitive data, and sends it to the threat actors.
Discussing the new LinkedIn scam with City A.M. today, Jake Moore, a global cyber security advisor at ESET, said that “LinkedIn is not only a powerful business tool but it’s becoming more of a social media platform than just for professional use.”
“With this in mind, cyberciminals have naturally taken advantage of this and are attempting to exploit users who may be too quick to click on connections,” he explained.
“Attachments and links on LinkedIn messaging must be treated as cautiously as you would treat unsolicited emails. People often view messages via LinkedIn with more verification and a sense of credibility which can affect the safety of the victim with their guard down,” Moore concluded.