LinkedIn users are now being targeted in a new phishing scam where attackers try to steal Microsoft login details. According to cybersecurity firm Push Security, the attackers are not using emails this time. Instead, they are messaging people directly on LinkedIn. They are mainly targeting finance leaders and high-level professionals who have access to important company accounts and data.
The scam looks very professional, which makes it easy for victims to trust it. The message claims to offer a senior position in an international investment fund, making the victim feel it is a big career opportunity.
LinkedIn Phishing Scam Pretends To Offer Executive Job
In this scam, the attacker sends a message from a LinkedIn profile that looks real and well-made. The message says the victim is being invited to join the Executive Board of a new “Commonwealth” investment fund. The language used sounds formal and exciting, as if it is a big step forward in the victim’s career.
The message also has a link to a document or proposal that the victim is asked to read. But once the victim clicks that link, they are taken through a chain of redirects.
The chain first opens a Google Search link, then passes through a website controlled by the attacker, and finally lands on a page hosted on firebasestorage.googleapis[.]com. This last page looks safe and normal at first.
When the victim tries to open the supposed document, the website asks them to log in with their Microsoft account. The page looks exactly like the real Microsoft sign-in page.
However, it is fake. If the victim enters their username and password here, the attackers get full access to their Microsoft account.
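Defenders can hunt for the redirect chain described above (Google link, then an intermediate site, then a Firebase Storage page) in web proxy logs. The following Python is an added example, not code from Push Security or the original article; the log layout, the accounts, every host other than firebasestorage.googleapis.com, and the 30-second window are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

GOOGLE_HOSTS = {"google.com", "www.google.com"}   # assumed form of the "Google Search link"
FINAL_HOST = "firebasestorage.googleapis.com"     # hosting domain named in the article

# Constructed proxy records (user, ISO timestamp, URL); not real traffic.
SAMPLE_LOG = [
    ("cfo@example.com", "2025-01-01T09:00:00", "https://www.linkedin.com/messaging/"),
    ("cfo@example.com", "2025-01-01T09:00:04", "https://www.google.com/search?q=placeholder"),
    ("cfo@example.com", "2025-01-01T09:00:05", "https://redirector.example.net/doc"),
    ("cfo@example.com", "2025-01-01T09:00:06", "https://firebasestorage.googleapis.com/placeholder/index.html"),
    ("analyst@example.com", "2025-01-01T10:00:00", "https://www.google.com/search?q=placeholder"),
    ("analyst@example.com", "2025-01-01T10:00:03", "https://news.example.org/"),
    ("dev@example.com", "2025-01-01T11:00:00", "https://www.google.com/search?q=placeholder"),
    ("dev@example.com", "2025-01-01T11:05:00", "https://cdn.example.org/"),
    ("dev@example.com", "2025-01-01T11:05:02", "https://firebasestorage.googleapis.com/placeholder/app.png"),
]

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def find_redirect_chains(records, window=timedelta(seconds=30)):
    """Return (user, intermediate_host, final_url) for each Google -> other host ->
    Firebase Storage sequence completed by one user inside `window`."""
    by_user = {}
    for user, ts, url in sorted(records, key=lambda r: (r[0], r[1])):
        by_user.setdefault(user, []).append((datetime.fromisoformat(ts), url))
    hits = []
    for user, events in by_user.items():
        for i, (start, url) in enumerate(events):
            if host_of(url) not in GOOGLE_HOSTS:
                continue
            middle = None
            for when, nxt in events[i + 1:]:
                if when - start > window:
                    break                      # too slow to be one redirect chain
                host = host_of(nxt)
                if host == FINAL_HOST:
                    hit = (user, middle, nxt)
                    if middle and hit not in hits:
                        hits.append(hit)
                    break
                if middle is None and host not in GOOGLE_HOSTS:
                    middle = host              # first non-Google hop after the click
    return hits

if __name__ == "__main__":
    for user, hop, final in find_redirect_chains(SAMPLE_LOG):
        print(f"{user}: Google -> {hop} -> {final}")
```

Firebase Storage also hosts legitimate content, so a hit is a lead for triage rather than a verdict.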
Stolen Microsoft Accounts Can Lead To Bigger Security Risks
Push Security says attackers are using CAPTCHA and other tools to prevent security systems from detecting these fake pages. This makes the scam harder to block.
The company also warns that phishing is now spreading beyond email. Even though LinkedIn is a “professional” platform, the accounts being targeted are still tied to important company systems.
If a Microsoft account is stolen, attackers may get access to company emails, files, business tools, and other apps linked through single sign-on.
Push Security advises users to never click job offers or links without checking the source carefully, even on LinkedIn.

