One of the news items in an upcoming DarkCyber talks about LinkedIn phishing exploits. I want to mention this method of hijacking or intruding into a system for two reasons. First, Microsoft has been explaining and reframing the SolarWinds’ security misstep for a couple of months. The Redmond giant has used explanations of the breach to market its Windows and Azure security systems. LinkedIn is a Microsoft property, and it seems as if Microsoft would clamp down on phishing attacks after it lost some of the source code to Exchange and a couple of other Microsoft crown jewels. Second, LinkedIn, like Microsoft Teams, is going through a featuritis phase. The service is making publishing, rich media, in message links, and group functions more easily available. The goal is to increase the social network’s value and revenue, particularly among those seeking employment. There’s nothing like a malicious exploit that kills a job hunter’s computing to brighten one’s day.
The article “Phishers Tricking Users via Fake LinkedIn Private Shared Document” explains the exploit. The write up says: