Currently, the most popular way for cybercriminals to steal personal data is phishing. To deceive their victims, they use both ingenious techniques of social engineering, and very primitive tricks. Malwarebytes specialists described recent attacks in which attackers used valid LinkedIn accounts to send phishing links through private messages and e-mail.

A distinctive feature of this malicious campaign is the use by hackers of compromised trusted accounts with a good reputation. Among other things, cybercriminals also used compromised premium accounts to communicate with other LinkedIn users (even if they were not added to the contact list) by e-mail using the InMail function.

According to the phishing message, the account owner wants to share the document with the user.

To do this, a potential victim must go through the specified link, which actually leads to a fake Gmail authorization page and other email services requesting credentials. After the introduction of the login and password, the document from the American banking company Wells Fargo, located in Google Docs, opens, so the user can not even imagine that he was a victim of scammers.

Specialists Malwarebytes find it difficult to name the exact number of LinkedIn accounts compromised during this campaign. Also, it is not known whether the phishing link is unique to every compromised account.