A new LinkedIn-based phishing campaign is targeting finance leaders and senior executives, using a highly sophisticated social engineering tactic to steal Microsoft login credentials. Unlike traditional phishing attempts that rely on malicious emails, this campaign operates entirely within LinkedIn’s messaging system, making it harder to detect and block through conventional security filters.

The campaign was uncovered by Push Security, which reported detecting and preventing a high-risk phishing attack that sought to compromise the accounts of targeted professionals. According to the cybersecurity firm, the attackers are leveraging LinkedIn’s trust-based ecosystem to approach high-value individuals in leadership roles, particularly those in the finance and investment sectors.

Here’s how the scheme unfolds: victims receive a direct message on LinkedIn from what appears to be a legitimate business profile. The attacker poses as a representative of an investment organization and extends an exclusive invitation to join a newly launched financial board. “I’m excited to extend an exclusive invitation for you to join the Executive Board of the Commonwealth investment fund in South America in partnership with AMCO – Our Asset Management branch, a bold new venture capital fund launching an Investment Fund in South America,” the fraudulent message reads, mimicking professional corporate language to