LinkedIn Phishing Spoof Bypasses Google Workspace Security

A credential-stealing attack that spoofed LinkedIn and targeted a national travel organization skates past DMARC and other email protections.

Dark Reading Staff, Dark Reading

October 25, 2022

1 Min Read
LinkedIn signage on a brick office building with a blue sky and puffy clouds overhead
Source: jejim120 via Alamy Stock Photo

A phishing email purportedly from LinkedIn with the subject line "We noticed some unusual activity" was discovered targeting users at a travel organization, in an attempt to pilfer their credentials on the social-media platform.

The phishing campaign slipped past Google's email security controls after cheating email authentication checks via SFP and DMARC, according to Armorblox, whose email security system at the victim organization found and stopped the attack pointed at some 500 user inboxes.

"The main call-to-action button (Secure my account) included within the email contains a bad URL and took victims to a fake landing page. This fake landing page ... mimicked a legitimate LinkedIn sign in page that included LinkedIn logos, language, and illustrations that mirrored true LinkedIn branding," Armorblox wrote in a post about the attack campaign.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights