LinkedIn phishing scam: Hackers use compromised accounts to steal Gmail, Yahoo and AOL credentials

Phishing scams have increasingly become cybercriminals' weapon of choice when attempting to steal private data from unsuspecting victims. A new LinkedIn phishing scam has been uncovered, which involves cybercriminals using hacked LinkedIn accounts to spread phishing links via the social media platform's InMail and private message services.

The scam, uncovered by Malwarebytes researcher Jerome Segura, involves cybercriminals using the hacked accounts of Premium LinkedIn users to send their contacts and external members a malicious Google Doc file and a phishing link that redirects users to a malicious site. The phishing site has been designed to trick users into entering in credentials for Gmail, Yahoo and AOL and divulge their personal data, allowing hackers to surreptitiously steal victims' email credentials and even phone numbers.

"What makes this campaign interesting is the abuse of long standing and trusted accounts that were hacked, including Premium membership accounts that have the ability to contact other LinkedIn users (even if they aren't a direct contact) via the InMail feature," Segura said in a blog.

"Those who proceed will have their username, password, and phone number stolen but won't realize they were duped right away. Indeed, this phishing scam ends on a tricky note with a decoy document on wealth management from Wells Fargo."

It is still unclear as to how many accounts have been targeted by the phishing scam. However, Segura said that one LinkedIn account that was hacked had over 500 connections, of which 256 people clicked on the phishing link.

IBTimes UK has reached out to Malwarebytes for further clarity on the incident and is awaiting a response.

"This kind of attack via social media is not new – we have seen hacked Skype or Facebook accounts send spam – but it reminds us of how much more difficult it is to block malicious activity when it comes from long standing and trusted user accounts, not to mention work acquaintances or relatives," Segura added.

"This also makes such attacks more credible to potential victims and can lead to a snowball effect when victims become purveyors of phishing links themselves."

LinkedIn users are advised to stay vigilant against phishing scams. Users who have had their accounts compromised are also advised to immediately change their passwords and enable two-factor authentication. It is also highly recommended that those whose accounts have been hacked, post an update informing their contacts about the hack, alerting them to open any previous messages with an abundance of caution. To find out more about how to stay safe from phishing scams, click here.