This post is dedicated to all LinkedIn users. A few days ago I received an email from a LinkedIn contact whom I trust. The message looked legit and innocuous like a regular LinkedIn message you get in your email inbox:
Clicking on the "View Message" button will lead you to your LinkedIn message page. I did not suspect anything out of the ordinary because the content appears to be what you would typically expect in a business context. Furthermore, the message originated from a contact whom I trust.
The link that was embedded in the message also looked legit as it points to a shared Microsoft Onedrive location. However, after clicking the link, I was directed to an invalid page.
I reached out to my contact separately, only to be told that his LinkedIn account had been hacked and that he did not send out any business proposal to me.
Hackers are certainly getting more creative - this method is markedly different from the typical email scams where a malicious HTML file or link is injected as bait (see https://blogs.quickheal.com/linkedin-phishing-email-scam-alert/ ). The seemingly harmless email was intended to lure the unsuspecting user (in this case, me!) to his/her LinkedIn message portal where the real action is expected to happen.
To err on the side of caution, I immediately changed my LinkedIn and Microsoft passwords. Imagine what would have happened if a malicious link or URL had been injected in the LinkedIn message payload.
Lessons learned
Use your intuition - analyse the usual writing style of your contact. If the style appears strange, then it's time to be suspicious.
Reach out to your contact separately i.e. find another way to contact him / her (e.g. email, SMS, call) and verify the situation
Temporarily block and flag your LinkedIn contact as suspicious, to contain the threat until you have verified that your contact has gotten control of his account.
Hope this helps.
References: