A new phishing scam is rapidly spreading on LinkedIn, where cybercriminals are deceiving finance sector professionals to steal their Microsoft account credentials. Scammers are sending fake offers to join the ‘Commonwealth Investment Fund’ via LinkedIn messages, which appear entirely legitimate.
LinkedIn Phishing Scam: A new method of cyber fraud has emerged on the digital networking platform LinkedIn. According to a report by Push Security, hackers are now targeting senior finance sector officials and business leaders through direct messages. They send offers to join a fake investment board called the Commonwealth Investment Fund, and clicking on the link directs the user to a bogus Microsoft login page. This phishing attack can jeopardize users' accounts, emails, and corporate data.
New Cyber Scam Targets Professional Users
A new phishing scam is rapidly spreading on the digital networking platform LinkedIn. This time, cybercriminals are specifically targeting senior officials and business leaders in the finance sector. Cybersecurity firm Push Security has revealed that hackers are now deceiving people through LinkedIn's direct messages instead of traditional email scams. These fraudsters send exclusive offers to join a fake board called ‘Commonwealth Investment Fund,’ which appears entirely professional.

How the Attack Occurs
Upon clicking the link in the message, the user is redirected via a Google search and then led to a fake Microsoft login page. The page looks genuine enough that users are easily deceived. As soon as someone enters their email ID and password, the credentials go directly to the cybercriminals. This can give the attackers access to the user's corporate accounts, emails, and cloud data.
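A hunting heuristic for the click path described above, as an added example that is not from Push Security's report or the original article: it walks web-proxy records in time order and flags a form POST to a non-Microsoft host that the user reached through a Google hop referred by LinkedIn. The record layout, the `MS_LOGIN_HOSTS` allowlist and every sample host are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts accepted as genuine Microsoft sign-in endpoints; extend for your tenant.
MS_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}

# Constructed sample proxy records in time order: (user, method, url, referrer).
SAMPLE_LOG = [
    ("alice", "GET", "https://www.linkedin.com/messaging/", ""),
    ("alice", "GET", "https://www.google.com/", "https://www.linkedin.com/"),
    ("alice", "GET", "https://fund-portal.example/board", "https://www.google.com/"),
    ("alice", "POST", "https://fund-portal.example/signin", "https://fund-portal.example/board"),
    ("bob", "GET", "https://www.google.com/", "https://www.linkedin.com/"),
    ("bob", "GET", "https://login.microsoftonline.com/", "https://www.google.com/"),
    ("bob", "POST", "https://login.microsoftonline.com/common/login", "https://login.microsoftonline.com/"),
    ("carol", "GET", "https://shop.example/", "https://www.google.com/"),
    ("carol", "POST", "https://shop.example/cart", "https://shop.example/"),
]

def host(url):
    """Lower-cased hostname of a URL, or '' when the field is empty."""
    return (urlsplit(url).hostname or "").lower()

def is_linkedin(h):
    return h == "linkedin.com" or h.endswith(".linkedin.com")

def is_google(h):
    # Label match so country domains such as google.co.uk count; deliberately loose.
    return "google" in h.split(".")

def find_suspect_logins(records):
    """Return (user, landing_host) for each POST that ends a
    LinkedIn -> Google hop -> landing host chain on a non-Microsoft host."""
    via_linkedin = set()   # users who hit a Google hop with a LinkedIn referrer
    landing = {}           # user -> hosts reached directly from that Google hop
    alerts = []
    for user, method, url, referrer in records:
        h, ref = host(url), host(referrer)
        if is_google(h) and is_linkedin(ref):
            via_linkedin.add(user)
        elif user in via_linkedin and is_google(ref) and not is_google(h):
            landing.setdefault(user, set()).add(h)
        elif method == "POST" and h in landing.get(user, ()) and h not in MS_LOGIN_HOSTS:
            alerts.append((user, h))
    return alerts

if __name__ == "__main__":
    for user, landing_host in find_suspect_logins(SAMPLE_LOG):
        print(f"review: {user} submitted a form to {landing_host} after a LinkedIn->Google hop")
```

The rule only narrows the search: a legitimate sign-up form reached the same way will also match, so hits need review against what the landing page actually displayed.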
New Techniques to Evade Security Systems
According to Push Security, hackers are now placing bot-protection challenges such as CAPTCHA and Cloudflare Turnstile on their fraudulent sites to prevent security bots from scanning them. This makes these attacks harder to detect. Cyber experts state that such attacks can pose a serious threat to company networks, as LinkedIn accounts are often directly linked to corporate emails and Microsoft services.
Increased Social Engineering Threat on LinkedIn
Reports indicate that cybercriminals are now spreading phishing scams not only via email but also on social media platforms. Sites like LinkedIn are becoming easy targets because professional users are present here with their real names, companies, and designations. This makes it easier for fraudsters to set up seemingly trustworthy traps.
Cybersecurity experts advise that if anyone receives an offer related to board membership, investment funds, or a high-ranking position on LinkedIn, they should not click on it without verification. Only take action after confirming the credibility of any link or document. One wrong click can jeopardize your company's entire network.













