A new phishing scam has been discovered by Malwarebytes in which previously hacked LinkedIn accounts are used for sending links and messages.
A new phishing scam has been discovered by Malwarebytes in which previously hacked LinkedIn accounts are used for sending links and messages. According to Jerome Segura, a senior researcher at Malwarebytes, the attackers have been using premium accounts that have the ability to contact other LinkedIn users via the InMail feature to send phishing links. The message includes a reference to the shared document and a shortened ow.ly URL link that redirects to a Gmail or other email providers which ask the users to log in using their credentials. 
After entering the login credentials, it further asks for a phone number and secondary email address and then shows a decoy Wells Farel document hosted on Google Docs.
According to Segura, it is unclear how many LinkedIn accounts have been hacked in this campaign. Here the attackers are taking the advantage of LinkedIn InMail feature to send messages and phishing links to other contacts because by using InMail feature you can directly send a message to another LinkedIn member even though you are not connected with him “This kind of attack via social media is not new – we have seen hacked Skype or Facebook accounts send spam – but it reminds us of how much more difficult it is to block malicious activity when it comes from long standing and trusted user accounts, not to mention work acquaintances or relatives. This also makes such attacks more credible to potential victims and can lead to a snowball effect when victims become purveyors of phishing links themselves,”Jerome Segura said in a blog post on their website.
ow[.]ly/qmxf30eWLyN dgocs[.]gdk.mx/new/index.php dgocs[.]gdk.mx/new/index.php?i=1 cakrabuanacsbali[.]com/wp-rxz/index.phpFake Google Doc file used in phishing :
docs.google.com/document/d/13qUEngtHuKjtvGoPaMl3x6cEnT2oO6lSWOccM-PkXKk/edit