Story image

Subdomain spoofers turning to ‘trusted’ brand LinkedIn to spam users

14 Feb 17

LinkedIn has become the target of a new phishing campaign, and the company is powerless to block the attacks in the traditional ways.

Proofpoint discovered the campaign, which uses spoofed subdomains to get users to supply their LinkedIn credentials.

The company says the emails aren’t designed to attack customers or partners, but they are exploiting domains and could eventually damage the victim’s brand.

“if users see enough of these emails and flag them as spam, then mailbox providers may begin to penalize emails sent from example.com and its subdomains,” Proofpoint says.

This new approach is a new variation of subdomain spoofing, which traditionally targeted one company at a time and uses many aspects of the subdomain element.

This approach is new, as it uses all of the sending domains of a large number of companies and prepends them with an established and trusted brands, Proofpoint says.

Attackers send the phishing attempts over other companies’ subdomains, not the traditional LinkedIn domains. This means LinkedIn is unable to block the attacks.

Proofpoint says that LinkedIn has long been building a community of trust, and attackers are now taking advantage of that trust.

Attackers have used the LinkedIn brand to create spoofed subdomains:

Proofpoint warns that this new combination of subdomain spoofing and snowshoe spamming can affect almost any business – and can use almost any large and trusted brand.

Proofpoint recommends that companies:

  • Prepare all subdomains
  • Consider all parent domains
  • Add necessary tags
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
CERT NZ highlights rise of unauthorised access incidents
“In one case, the attacker gained access and tracked the business’s emails for at least six months. They gathered extensive knowledge of the business’s billing cycles."
Report finds GCSB in compliance with NZ rights
The Inspector-General has given the GCSB its compliance tick of approval for the fourth year in a row.
Securing hotel technology to protect customer information
Network security risks increase exponentially as hotels look to incorporate newer technologies to support a range of IoT devices, including smart door locks.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.
WatchGuard appoints new channel distributors in A/NZ
The appointments will enable WatchGuard to expand its regional channel reseller footprint.