At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    LinkedIn Phishing Attack Bypassed Email Filters Because it Passed Both SPF and DMARC Auth

    Researchers at Armorblox have observed a phishing campaign impersonating LinkedIn. The emails inform the user that their LinkedIn account has been suspended due to suspicious activity.

    “The subject of this email evoked a sense of urgency in the victims, with a subject reading, ‘We noticed some unusual activity,’ the researchers write. “At first glance, the sender looks to be LinkedIn, the global brand used for connecting with colleagues and individuals around the world. However, when looking closer it is clear that the sender name reads Linkedin (an improper spelling of the brand’s name) and the email address is not associated with LinkedIn. Upon further analysis, the Armorblox Threat Research team found the domain name is fleek[.]co, created March 6th of this year––in preparation for attackers to execute targeted email attacks such as this one.”

    The phishing emails and the phishing site convincingly spoofed LinkedIn’s branding.

    “The email looks like a notification from LinkedIn, notifying the end user about suspicious activity on his or her account,” the researchers write. “The email included a LinkedIn logo at the top and bottom in order to instill trust in the recipient (victim) that the email communication was a legitimate business email notification from LinkedIn – instead of a targeted, socially engineered email attack. The body of the email contains information about a sign in attempt: device used, date and time, and location; notifying the end user that this attempt has resulted in limited account access due to the potential fraudulent activity. The victim is prompted to ‘Secure my account’ to avoid the LinkedIn account from being closed.”

    Armorblox notes that the phishing messages were able to bypass email security filters.

    “The email attack bypassed native Google email security controls because it passed both SPF and DMARC email authentication checks,” Armorblox says. “Attackers used a valid domain to send this malicious email, with the goal to bypass native email security layers and exfiltrate sensitive user credentials. Even though the sender domain received a reputation score of high risk, email security layers such as Google that rely on email authentication checks for legitimacy would not catch this targeted email attack.”

    New-school security awareness training can enable your employees to identify phishing attacks that slip past your technical defenses.

    Armorblox has the story.

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    Here’s how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry
    Go Phishing Now!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top