Hello, welcome to the Thursday, February 18th, 2021 edition of the Sandcent Storm Center's

Stormcast. My name is Johannes Ulrich. And today I'm recording from Jackstville, Florida.

Many social networks have a feature where if you receive a message within the social network,

it will send you a notification via email.

The idea kind of is, of course, to get you to go back to the social networking website and

sometimes a little bit sold as a more secure way to exchange messages because you avoid some

of the issues with exchanging emails.

However, this is only true if the link actually leads to the particular social network.

And we have a nice guest diary by J.B. Bowers showing how this can be abused and is being abused by the bad guys in this case by impersonating

LinkedIn.

Now, they're sort of claiming that there is a LinkedIn secure message, which doesn't actually

exist in that form, and they send you a private shared document.

Clicking on the link gets you then to a phishing page that solicits your LinkedIn credentials.

So why are people going after LinkedIn credentials?

Well, a couple reasons.

First of all, you may use the same credentials on other sites, in particular your main email

provider as well.

And secondly, once they do have your LinkedIn credentials, they can then leverage them to

reach out to your contacts.

JV's diary also has a good number of indicators of compromise from this particular

attack, but points out how difficult it can be to find and detect these attacks, since they're

pretty much using very well-known and frequently used cloud services, so an attack like this easily disappears

...