
LinkedIn’s Smart Links abused in phishing attack targeting Slovakian users

The lure in the scam is a legitimate-looking pending shipment order from the Slovakian postal service


Smart Link, a feature exclusive to LinkedIn’s Sales Navigator and Enterprise users, has been targeted in a recent phishing scam.

A convenience feature, Smart Link enables subscribers to redirect their targeted customers to legitimate websites for advertisements.


Threat actors have now leveraged the feature to evade email security products, in an attempt to redirect users to phishing pages. The attackers are also banking on Smart Link’s analytics to gauge the effectiveness of their campaigns.

Decoding the attack, threat intelligence provider Cofense revealed the phishing emails can be traced back to Slovenská Pošta, a state-owned postal service provider in Slovakia.

“Although we can see that the recipient has a shipment waiting to be delivered, the order can only be fulfilled with payment. Threat actor even added features to the email, including the fictitious reference number, to give the impression of legitimacy,” explained Cofense.

The email header, part of the attackers’ trickery, appears legitimate to the unsuspecting eye. However, close examination shows that the address in the header, “sis[.]sk@augenlabs.com”, is a spoof.

The attack becomes more evasive through an embedded “confirm” button that leads to a legitimate-looking LinkedIn Smart Link URL (“linkedin[.]com/slink?code=g4zmg2B6”), which redirects the victim to a phishing page.

Despite the realistic €2.99 shipping price on the landing page, the phishing actors aren't looking to receive money, according to Cofense. The target's credit card information, including the number, holder's name, expiration date and CVV, is among the details the attackers want.

“Due to a threat actor exploiting the official LinkedIn smart link service, the phishing page is still up and running,” added the company.
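For defenders triaging similar mail, the following added example (not from Cofense or LinkedIn) pulls LinkedIn Smart Links out of a message and checks the sender address for the pattern described above. The sample message wording, the `https://` scheme, the `TLD_HINTS` subset and the finding names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit, parse_qs

# Constructed message: wording is made up; the address and Smart Link are the
# article's, kept defanged, with an https:// scheme assumed for the link.
SAMPLE = """\
From: Slovenska posta <sis[.]sk@augenlabs.com>
To: user@example.com
Subject: Shipment pending
Content-Type: text/html; charset=utf-8

<p>Your shipment is waiting; payment is required.</p>
<a href="https://linkedin[.]com/slink?code=g4zmg2B6">Confirm</a>
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
TLD_HINTS = {"sk", "com", "net", "org"}  # illustrative subset, not a full TLD list

def refang(text):
    """Undo [.] defanging in memory so the parsers see normal hosts."""
    return text.replace("[.]", ".")

def smart_links(body):
    """Return (url, code) for each LinkedIn Smart Link found in the body."""
    hits = []
    for url in URL_RE.findall(refang(body)):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        on_linkedin = host == "linkedin.com" or host.endswith(".linkedin.com")
        if on_linkedin and parts.path.rstrip("/") == "/slink":
            hits.append((url, parse_qs(parts.query).get("code", [""])[0]))
    return hits

def analyse(raw):
    """Flag the two traits the article describes; finding names are hypothetical."""
    msg = message_from_string(raw)
    addr = parseaddr(refang(msg.get("From", "")))[1].lower()
    local, _, domain = addr.rpartition("@")
    findings = []
    links = smart_links(msg.get_payload())
    if links:  # destination hides behind a trusted host: resolve before trusting
        findings.append("opaque-smart-link-redirect")
    if "." in local and local.rsplit(".", 1)[1] in TLD_HINTS and local != domain:
        findings.append("local-part-imitates-other-domain")
    return {"sender_domain": domain, "links": links, "findings": findings}

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

A Smart Link finding on its own is not a verdict, since legitimate Sales Navigator mail contains the same URLs; it marks a link whose destination should be resolved in a sandbox rather than trusted on the linkedin.com host name.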
