LinkedIn Phishing Emails: How Hackers Use Malware to Control Your Device

Have you just received an invitation to do business with someone on LinkedIn? Be careful before you click on anything, because you could install malware on your device. The cybersecurity specialists at CyberFlow are aware of an ongoing campaign of LinkedIn phishing emails carrying the ConnectWise Remote Access Trojan (RAT) malware.

The campaign likely started in May last year, but now the malicious actors have ramped up their efforts and are targeting an increasing number of victims.

What Do the LinkedIn Email Scams Look Like?

The first thing to look for is the overall layout and design of the fake LinkedIn notification. It imitates an old layout, in use before 2020. This strategy is likely used to resonate with people who do not use LinkedIn frequently and, thus, are more familiar with the older design.

As for the contents, the LinkedIn phishing emails contain an invitation that uses a real person’s image – Cho So-young. He is purportedly the Project Manager/Business Sales Director of “DONGJIN Weidmüller Korea Ind.” – a company that does not actually exist.

The Malware Is Silently Installed on Your Device

This phishing campaign is more dangerous than others. In other email scams, the victims are taken to a phishing page, asking them to fill in account data and other sensitive personal details. Thus, there is at least a chance that the victim becomes suspicious and does not follow through.

In this case, the RAT malware is installed on the victim’s device as soon as they click on either of the two buttons in the email: Read More and Reply To. They are not even aware that the installer is being downloaded and executed on their device.

Once installed, the ConnectWise Remote Access Trojan allows the hackers to remotely connect to the victim’s device and steal any files and data stored on it. They may even use the device to launch new attacks on other victims.

Attention: Email Filters Do Not Detect the Malware in the Phishing Emails!

To make matters worse, the CyberFlow team knows that email filters and regular antivirus software do not detect the malware and do not stop it from being installed. It bypasses most of the standard security protocols, although the email fails the Sender Policy Framework (SPF) check and is not signed with DomainKeys Identified Mail (DKIM).

This means that, although they should end up in the Spam folder, the LinkedIn phishing emails will actually appear in the user’s Inbox.
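A triage check for the gap described above, as an added example that is not CyberFlow's code: it flags a message whose display name claims LinkedIn while SPF does not pass and no DKIM signature is present. The sample message, its hostnames and the `triage` helper are constructed for illustration, and the check assumes the top-most Authentication-Results header was written by your own mail gateway.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real capture); all hosts are placeholders.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=sender.example; dkim=none
From: "LinkedIn" <invitations@sender.example>
Subject: You have a new business invitation
Content-Type: text/plain

Read More / Reply To
"""

BRAND = "linkedin"  # brand the message claims to come from


def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts; the first (top-most) header wins."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts


def triage(raw):
    """Return the reasons a brand-claiming message should be quarantined."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    verdicts = auth_results(msg)
    reasons = []
    # SPF: anything other than an explicit pass is treated as a failure.
    if verdicts.get("spf", "none") != "pass":
        reasons.append("spf=" + verdicts.get("spf", "none"))
    # DKIM: an unsigned message is flagged even if no verdict was recorded.
    if msg.get("DKIM-Signature") is None:
        reasons.append("dkim=unsigned")
    elif verdicts.get("dkim", "none") != "pass":
        reasons.append("dkim=" + verdicts.get("dkim", "none"))
    # Display name uses the brand, but the sending domain is not the brand's.
    brand_domain = BRAND + ".com"
    if BRAND in name.lower() and not (
        domain == brand_domain or domain.endswith("." + brand_domain)
    ):
        reasons.append("display-name-spoof:" + domain)
    return reasons
```

Any non-empty result is grounds to quarantine the message instead of delivering it to the Inbox.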

How to Protect Yourself and Your Employees from This New Cyber Threat

Using advanced email threat protection is the best option to keep these LinkedIn scams from reaching any of your employees and leading to a severe breach. CyberFlow goes beyond the regular email security solutions widely available to consumers.

We use professional software and perform 24/7 system monitoring to detect and stop any type of unusual traffic or attempt to access your network.

Anyone may fall victim to scams, including these LinkedIn phishing emails. So, the best option is to make sure that they do not reach your inbox. Contact CyberFlow today to safeguard your company devices and network!