
In the ‘LinkedIn Identity Theft’ attack, the attacker impersonates a policy change notification from the company, LinkedIn, in order to steal highly confidential information, such as the victim’s social security number.

‘LinkedIn Identity Theft’ attack

Cybercriminals constantly search for unique social engineering tactics to dupe their victims. In this type of cyber-attack, however, attackers rely on the reputation of, and the trust placed in, social media and networking platforms such as LinkedIn. By impersonating the trusted networking site, attackers attempt to exploit victims’ important credentials.

In this attack, the recipient receives an email from what appears to be LinkedIn, containing a policy change notification. The email body includes only an HTML attachment, named ‘PolicyChange2845’, while the subject reads ‘Changes that affect you’, prompting the recipient to open the file.

Furthermore, while the sender’s name is LinkedIn, the actual sending email address is ‘policychange@fzx.com’, which has no relation to LinkedIn.

Malicious attachment payload

When opening the email attachment, the recipient is led to fill out a form that looks similar to the LinkedIn login or sign up page. This form contains input fields for the recipient’s name, social security number, date of birth and driver’s licence.

Should the recipient fall for this attack and fill out the form that they are prompted with, they will have released highly confidential information. The attacker would not only have their name and date of birth, but also their social security number and driver’s licence information, leaving them at high risk for identity theft.

Convincing landing page for an effective attack

When first opening the attachment, it looks like an official LinkedIn page. The attacker includes the LinkedIn logo on the form and makes it look nearly identical to the legitimate form that appears on LinkedIn’s official website.
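The two indicators described above (a ‘LinkedIn’ display name on an unrelated sending domain, and an HTML attachment whose form asks for identity data) can be checked mechanically at the mail gateway. The following is an added example, not part of the original report; the brand-to-domain map, the keyword list and the attachment markup are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser

# Assumption: domains each brand legitimately sends from (illustrative, not exhaustive).
BRAND_DOMAINS = {"linkedin": ("linkedin.com",)}
# Assumption: keywords for identity fields a login page has no reason to request.
SENSITIVE = re.compile(r"ssn|social.?security|date.?of.?birth|dob|driver", re.I)

class InputCollector(HTMLParser):
    """Collects the name/id/placeholder text of every <input> element."""
    def __init__(self):
        super().__init__()
        self.fields = []
    def handle_starttag(self, tag, attrs):
        if tag == "input":
            a = dict(attrs)
            self.fields.append(" ".join(a.get(k) or "" for k in ("name", "id", "placeholder")))

def triage(msg):
    """Return a list of findings for one parsed message."""
    findings = []
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        trusted = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in display.lower() and not trusted:
            findings.append(f"display name claims {brand} but sender domain is {domain}")
    for part in msg.walk():
        if part.get_filename() and part.get_content_type() == "text/html":
            collector = InputCollector()
            collector.feed(part.get_payload(decode=True).decode("utf-8", errors="replace"))
            hits = [f for f in collector.fields if SENSITIVE.search(f)]
            if hits:
                findings.append(f"HTML attachment requests {len(hits)} identity field(s)")
    return findings

def sample_message():
    """Constructed sample using the sender, subject and attachment name from the article."""
    m = EmailMessage()
    m["From"] = "LinkedIn <policychange@fzx.com>"
    m["Subject"] = "Changes that affect you"
    html = ('<form><input name="fullname"><input name="ssn">'
            '<input name="dob"><input name="drivers_licence"></form>')  # constructed markup
    m.add_attachment(html.encode(), maintype="text", subtype="html", filename="PolicyChange2845")
    return m

if __name__ == "__main__":
    for finding in triage(sample_message()):
        print(finding)
```

Either finding on its own is a reasonable trigger for quarantine or analyst review; together they match the pattern described in this attack.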

Summary of attack target:

  • Platform: Office 365
  • Mailboxes: 10,000+
  • Victims: VIP
  • Payload: Malicious Attachment
  • Technique: Impersonation