In this attack, the attacker impersonates a policy change notification from LinkedIn in order to steal highly confidential information such as the victim’s social security number.
Platform: Office 365
Mailboxes: 10,000 +
Payload: Malicious Attachment
Setup: Cybercriminals constantly search for unique social engineering tactics to dupe their victims. However, in this attack, attackers rely on the reputability and trust bestowed in social media and networking platforms, such as LinkedIn. Through impersonating the trusted networking site, attackers attempt to exploit important credentials.
Email Attack: In this attack, the recipient receives an email from what appears to be LinkedIn containing a policy change notification. The email body only includes an HTML attachment named “PolicyChange2845,” while the subject reads “Changes that affect you,” promoting the recipient to open the file. Further, while the sender’s name is LinkedIn, the actual sending email address is ‘firstname.lastname@example.org,’ which has no relation to LinkedIn.
Payload: When opening the attachment, the recipient is lead to fill out a form that looks similar to the LinkedIn login or sign up page. This form contains input fields for the recipient’s name, social security number, date of birth, and driver’s license.
Result: Should the recipient fall subject to this attack and fill out the form they are prompted with, they will have released highly confidential information. The attacker would not only have their name and date of birth but also their social security number and driver’s license information, leaving them at high risk for identity theft.
Convincing Landing Page: When first opening the attachment, it appears to look like an official LinkedIn page. The attacker included the LinkedIn logo on the form and made it look nearly identical to the legitimate form that appears on LinkedIn’s website.
Abnormal is the email security company that stands for trust.
© 2021 Abnormal Security Corporation.
All rights reserved.