{"id":11071,"date":"2023-10-18T11:13:39","date_gmt":"2023-10-17T22:13:39","guid":{"rendered":"https:\/\/kinetics.co.nz\/?p=11071"},"modified":"2023-10-18T11:13:39","modified_gmt":"2023-10-17T22:13:39","slug":"look-out-for-linkedin-smart-links","status":"publish","type":"post","link":"https:\/\/new.kinetics.co.nz\/?p=11071","title":{"rendered":"Look out for LinkedIn Smart Links"},"content":{"rendered":"

[et_pb_section fb_built=”1″ _builder_version=”4.22.2″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_row column_structure=”1_2,1_2″ _builder_version=”4.22.2″ _module_preset=”default” background_image=”\/wp-content\/uploads\/2023\/10\/LinkedInMobile.png” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”1_2″ _builder_version=”4.22.2″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.22.2″ _module_preset=”default” background_color=”rgba(255,255,255,0.96)” custom_padding=”20px|20px|20px|20px|false|false” border_radii=”on|20px|20px|20px|20px” border_width_all=”1px” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n

This is a great example of needing new tools that didn’t used to exist, to keep cyber-safe, even if they add cost to our cyber-protection.<\/p>\n

Hijacking your trust in LinkedIn<\/h2>\n

Cybersecurity firm Cofense have detected phishing campaigns<\/a> that used LinkedIn links called “Smart Links\u201d to bypass security gateways for deliver credential phishing.<\/p>\n

Smart Links are used by LinkedIn Sales Navigator and other business users to track content and engagement.\u00a0 A smartlink is the mysterious 8 character code in a LinkedIn URL at the end.<\/p>\n

\"\"<\/p>\n

Fig 1 Cofense SmartLink structure<\/em><\/p>\n

We’re told that the hacker code uses this to read from the attached email and use that to present a fake Microsoft login page.<\/p>\n

If they can convince you to put in your details, and to enter your MFA code, then voila, they have access to your 365.<\/p>\n

Because it’s using the LinkedIn URL, and we all tend to trust LinkedIn, your email filter is blindsided.\u00a0 It is not something we can easily filter out because LinkedIn is a trusted domain.<\/p>\n

That means the victim recieves a legitmate looking email,\u00a0 with a link they are enticed to click on, that opens a fake Microsoft 365 which includes the victims email address so it looks even more authentic.<\/p>\n

[\/et_pb_text][\/et_pb_column][et_pb_column type=”1_2″ _builder_version=”4.22.2″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.22.2″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”4_4″ _builder_version=”4.22.2″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.22.2″ _module_preset=”default” background_color=”rgba(0,0,0,0.07)” custom_padding=”20px|20px|20px|20px|false|false” border_radii=”on|20px|20px|20px|20px” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n

 <\/p>\n

Kinetics KARE is stepping up<\/h2>\n

The Kinetics KARE team are testing a brand new tool that helps isolate login pages in a virtual sandbox to test them and filter out fakes. It is brand new technology. Subject to testing, this will be deployed to our Kinetics Security Plus<\/a> premium service.<\/span><\/span><\/span><\/span><\/p>\n

 <\/p>\n

[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"

This is a great example of needing new tools that didn’t used to exist, to keep cyber-safe, even if they add cost to our cyber-protection. Hijacking your trust in LinkedIn Cybersecurity firm Cofense have detected phishing campaigns that used LinkedIn links called “Smart Links\u201d to bypass security gateways for deliver credential phishing. Smart Links are […]<\/p>\n","protected":false},"author":5,"featured_media":11076,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4,5],"tags":[],"class_list":["post-11071","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security"],"_links":{"self":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/11071","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11071"}],"version-history":[{"count":0,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/11071\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11071"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11071"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11071"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}