Linktree has become a popular tool for creating bio pages on social media platforms like Instagram and TikTok, allowing users to share their information and social media handles easily. Unfortunately, its ease of use and popularity has caught the attention of hackers, who now use it as a medium for phishing attacks.
Avanan, a Check Point Software Company, has disclosed how hackers exploit Linktree to steal user credentials. Avanan’s cybersecurity researchers have prepared an attack brief that discusses the techniques employed by these cybercriminals to deceive their victims.
In this attack, hackers create legitimate Linktree pages hosting malicious URLs to harvest credentials. They send phishing emails with spoofed Microsoft OneDrive or Sharepoint notifications, tricking users into clicking the malicious links. The victims are then redirected to a fake Office 365 login page where their credentials are stolen.
You can read about this attack here.
Related
This entry was posted on April 20, 2023 at 9:01 am and is filed under Commentary with tags Avanan. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Linktree Phishing Attack: Hackers Steal Credentials via Popular Social Media Tool While Spoofing Microsoft
Linktree has become a popular tool for creating bio pages on social media platforms like Instagram and TikTok, allowing users to share their information and social media handles easily. Unfortunately, its ease of use and popularity has caught the attention of hackers, who now use it as a medium for phishing attacks.
Avanan, a Check Point Software Company, has disclosed how hackers exploit Linktree to steal user credentials. Avanan’s cybersecurity researchers have prepared an attack brief that discusses the techniques employed by these cybercriminals to deceive their victims.
In this attack, hackers create legitimate Linktree pages hosting malicious URLs to harvest credentials. They send phishing emails with spoofed Microsoft OneDrive or Sharepoint notifications, tricking users into clicking the malicious links. The victims are then redirected to a fake Office 365 login page where their credentials are stolen.
You can read about this attack here.
Share this:
Like this:
Related
This entry was posted on April 20, 2023 at 9:01 am and is filed under Commentary with tags Avanan. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.