SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Email Security
#
Phishing
#
LinkedIn
Subdomain spoofers turning to ‘trusted’ brand LinkedIn to spam users
Tue, 14th Feb 2017
FYI, this story is more than a year old
Author image
By Sara Barker, Copywriter and Senior News Editor
Follow us

LinkedIn has become the target of a new phishing campaign, and the company is powerless to block the attacks in the traditional ways.

Proofpoint discovered the campaign, which uses spoofed subdomains to get users to supply their LinkedIn credentials.

The company says the emails aren't designed to attack customers or partners, but they are exploiting domains and could eventually damage the victim's brand.

“if users see enough of these emails and flag them as spam, then mailbox providers may begin to penalize emails sent from example.com and its subdomains,” Proofpoint says.

This new approach is a new variation of subdomain spoofing, which traditionally targeted one company at a time and uses many aspects of the subdomain element.

This approach is new, as it uses all of the sending domains of a large number of companies and prepends them with an established and trusted brands, Proofpoint says.

Attackers send the phishing attempts over other companies' subdomains, not the traditional LinkedIn domains. This means LinkedIn is unable to block the attacks.

Proofpoint says that LinkedIn has long been building a community of trust, and attackers are now taking advantage of that trust.

Attackers have used the LinkedIn brand to create spoofed subdomains:

Proofpoint warns that this new combination of subdomain spoofing and snowshoe spamming can affect almost any business – and can use almost any large and trusted brand.

Proofpoint recommends that companies:

  • Prepare all subdomains
  • Consider all parent domains
  • Add necessary tags
Related stories
Spirent partners with online payments platform to boost cyber defenses
Check Point boosts email security with new AI-powered features
Watch out! There are hidden dangers lurking in your PDFs
Cado Security teams up with Wiz to bolster cloud security solutions
Review: Avast Ultimate Business Security - comprehensive to say the least
Top stories
Coalition integrates cyber risk platform with top cloud services providers
Armis warns of major cyber-attack risk to 2024 global elections
i-PRO to support Genetec SaaS with new AI-enabled camera models
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption
RiverSafe teams up with Cribl to boost IT & data security services