informa
1 MIN READ
Quick Hits

LinkedIn Phishing Spoof Bypasses Google Workspace Security

A credential-stealing attack that spoofed LinkedIn and targeted a national travel organization skates past DMARC and other email protections.

A phishing email purportedly from LinkedIn with the subject line "We noticed some unusual activity" was discovered targeting users at a travel organization, in an attempt to pilfer their credentials on the social-media platform.

The phishing campaign slipped past Google's email security controls after cheating email authentication checks via SFP and DMARC, according to Armorblox, whose email security system at the victim organization found and stopped the attack pointed at some 500 user inboxes.

"The main call-to-action button (Secure my account) included within the email contains a bad URL and took victims to a fake landing page. This fake landing page ... mimicked a legitimate LinkedIn sign in page that included LinkedIn logos, language, and illustrations that mirrored true LinkedIn branding," Armorblox wrote in a post about the attack campaign.