LinkedIn Account Phishing Campaign

The NJCCIC has detected a phishing campaign that targets New Jersey State employees and is crafted to obtain their LinkedIn account credentials. The campaign sends emails that are designed to look like legitimate correspondence from the LinkedIn social media platform and that contain URLs leading to malicious sites masquerading as the LinkedIn login page. If a victim enters their credentials into the fields displayed on the website, the information will be transmitted to the threat actors behind the campaign and will likely be used to compromise the associated social media account, as well as any account that shares the same credentials. It will also put victims’ LinkedIn contacts and connections at risk of phishing and other social engineering schemes, as these actors often use compromised accounts to impersonate others and target new victims.

The NJCCIC strongly recommends never using links provided in unsolicited emails to visit websites requiring the input of account credentials. Users who receive unexpected or unsolicited email requests from known senders inviting them to click on a link or open an attachment should always verify the sender via another means of communication before taking any action. We also recommend closely examining the URL field of your web browser before attempting to sign into any account to ensure you are visiting a legitimate website.
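The URL examination recommended above can be written down as explicit checks. The following is an added example, not part of the NJCCIC advisory; it assumes `linkedin.com` is the only domain trusted for sign-in, and every sample URL is constructed using reserved example domains.

```python
from urllib.parse import urlsplit

# Assumption: the only registrable domain trusted for LinkedIn sign-in.
TRUSTED_DOMAIN = "linkedin.com"

def check_login_url(url: str) -> tuple[bool, str]:
    """Return (ok, reason) for a URL a user is about to sign in on."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    # Text before '@' is userinfo, not the site; the real host comes after it.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before '@' hides the real host"
    if not host:
        return False, "no host"
    # Non-ASCII or punycode labels can render as look-alike letters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalized (possible homoglyph) host"
    # Match on a label boundary: 'evil-linkedin.com' must not pass.
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return True, "host is within " + TRUSTED_DOMAIN
    if "linkedin" in host.replace("-", ""):
        return False, "brand name in a host outside " + TRUSTED_DOMAIN
    return False, "unrelated host"

# Constructed sample URLs (not taken from the campaign).
SAMPLES = [
    "https://www.linkedin.com/login",
    "http://www.linkedin.com/login",
    "https://www.linkedin.com@login.example.net/",
    "https://linkedin.com.signin.example.net/login",
    "https://linked-in-login.example.org/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_login_url(sample)
        print(f"{'OK  ' if ok else 'FLAG'} {sample}  ({reason})")
```

The same checks apply when reading the address bar by eye: the host is whatever sits immediately before the first single `/` and after any `@`, read from right to left.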