27 Jan 2021

In the ‘LinkedIn Identity Theft’ attack, the attacker impersonates a policy change notification from the company, LinkedIn, in order to steal highly confidential information, such as the victim’s social security number.

‘LinkedIn Identity Theft’ attack

Cybercriminals constantly search for new social engineering tactics to dupe their victims. In this type of attack, they rely on the reputation and trust placed in social media and networking platforms such as LinkedIn. By impersonating the trusted networking site, the attackers attempt to harvest victims' sensitive personal data.

In this attack, the recipient receives an email that appears to come from LinkedIn and contains a policy change notification. The email body contains nothing but an HTML attachment named ‘PolicyChange2845’, and the subject reads ‘Changes that affect you’, prompting the recipient to open the file.

Furthermore, while the sender’s name is LinkedIn, the actual sending email address is ‘policychange@fzx.com’, which has no relation to LinkedIn.

Malicious attachment payload

When opening the email attachment, the recipient is led to fill out a form that looks similar to the LinkedIn login or sign-up page. This form contains input fields for the recipient’s name, social security number, date of birth and driver’s licence.

Should the recipient fall for this attack and fill out the form that they are prompted with, they will have released highly confidential information. The attacker would not only have their name and date of birth, but also their social security number and driver’s licence information, leaving them at high risk for identity theft.
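The two indicators described above (a LinkedIn display name on an unrelated sending address, and an HTML attachment carrying a form that asks for identity data) can be checked mechanically at the mail gateway or in an incident response triage script. The following is an added example, not code from the original post; the sample message, the allow-list of legitimate LinkedIn sending domains and the form field names are constructed assumptions.

```python
import email
import email.utils
import re
from email import policy

# Constructed sample modelled on the post's description (headers, body and
# attachment text are assumptions, not the real artefact).
SAMPLE_EML = """\
From: LinkedIn <policychange@fzx.com>
Subject: Changes that affect you
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; name="PolicyChange2845.html"
Content-Disposition: attachment; filename="PolicyChange2845.html"

<form><img src="linkedin-logo.png">Name <input name="fullname">
Social Security Number <input name="ssn"> Date of birth <input name="dob">
Driver's licence <input name="dl"></form>
--b1--
"""

# Brands an attacker may claim in the display name, with the domains that
# legitimately send for them (assumed allow-list; extend it for your tenant).
BRAND_DOMAINS = {"linkedin": {"linkedin.com"}}
IDENTITY_FIELDS = re.compile(r"social security|driver'?s licen[cs]e|date of birth", re.I)


def analyse(raw: str) -> list:
    """Return the list of phishing indicators found in one RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    display, addr = email.utils.parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    for brand, allowed in BRAND_DOMAINS.items():
        # Display name claims a brand, but the sending domain is not one of its own.
        if brand in display.lower() and domain not in allowed:
            findings.append(f"display-name impersonation: {display} <{addr}>")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html")):
            findings.append(f"html attachment: {name}")
            html = part.get_content()
            # A local HTML form asking for identity data is the landing page delivered in the mailbox.
            if "<form" in html.lower() and IDENTITY_FIELDS.search(html):
                findings.append(f"identity-harvesting form in {name}")
    return findings
```

Run against a mailbox export, any message producing all three findings matches the pattern of this campaign and is worth quarantining before the recipient opens the attachment.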

Convincing landing page for an effective attack

When first opened, the attachment looks like an official LinkedIn page. The attacker includes the LinkedIn logo on the form and makes it look nearly identical to the legitimate form on LinkedIn’s official website.

Summary of attack target:

  • Platform: Office 365
  • Mailboxes: 10,000+
  • Victims: VIP
  • Payload: Malicious Attachment
  • Technique: Impersonation