Subdomain spoofers turning to ‘trusted’ brand LinkedIn to spam users
LinkedIn has become the target of a new phishing campaign, and the company is powerless to block the attacks in the traditional ways.
Proofpoint discovered the campaign, which uses spoofed subdomains to get users to supply their LinkedIn credentials.
The company says the emails aren't designed to attack customers or partners, but they are exploiting domains and could eventually damage the victim's brand.
“if users see enough of these emails and flag them as spam, then mailbox providers may begin to penalize emails sent from example.com and its subdomains,” Proofpoint says.
This new approach is a new variation of subdomain spoofing, which traditionally targeted one company at a time and uses many aspects of the subdomain element.
This approach is new, as it uses all of the sending domains of a large number of companies and prepends them with an established and trusted brands, Proofpoint says.
Attackers send the phishing attempts over other companies' subdomains, not the traditional LinkedIn domains. This means LinkedIn is unable to block the attacks.
Proofpoint says that LinkedIn has long been building a community of trust, and attackers are now taking advantage of that trust.
Attackers have used the LinkedIn brand to create spoofed subdomains:
Proofpoint warns that this new combination of subdomain spoofing and snowshoe spamming can affect almost any business – and can use almost any large and trusted brand.
Proofpoint recommends that companies:
- Prepare all subdomains
- Consider all parent domains
- Add necessary tags