Banks and other financial institutions are grappling with a new form of phishing attack that leverages the popular business networking website LinkedIn to reach potential victims. The two-stage attack is notable for its sophistication, but with a smidge of awareness and vigilance, the multi-stage threat can be managed. So let’s get to the information you need to know.

Details of the Attack

The criminals initiate the attack by creating fake LinkedIn profiles. These profiles are crafted to resemble colleagues or associates and sometimes even to impersonate financial institution employees.

Then, once the attackers have established these deceptive profiles, they proceed to contact employees of the targeted organization. Friendly messages or connection requests are sent to forge a relationship.

Following the connection, the attackers send links or attachments that may look essential but are, in fact, malicious. A click on these links sets off the two-stage attack, which goes like this:

Stage One: The system identifies the operating system of the targeted host machine and readies itself for further malicious action.

Stage Two: Malicious software is downloaded, capable of stealing login credentials from the organization’s website.

The attackers are known to use details that make them appear credible, including the name of the targeted financial institution. This is why you should limit the information provided on social media and networking sites to only what is necessary. Consider using vague details for your role at your company, regardless of what type of organization it is. While financial organizations are targeted frequently, even most often by attackers, other business types in any sector are also victims of this type of crime.

Protection Measures

What can you do to stay more secure? Well, we’ve got some tips. To protect against this threat, the following steps are advised:

• Examine Profiles--Check LinkedIn profiles carefully when receiving connection requests from unfamiliar individuals. Verify with colleagues if necessary.

• Be Cautious with Links--Do not click on links or download attachments from untrusted sources, regardless of how authentic they may appear. Also, don’t click these if you are not expecting to receive them.

• Consult the IT Department--If you have concerns or believe you may have clicked a malicious link, contact your IT department right away. They possess the expertise and tools to assess the situation and take immediate action to safeguard your system and the organization's network.

The recent targeted phishing attacks on the financial sector highlight the importance of ongoing vigilance and careful scrutiny of online communications. Simple actions such as checking profiles, thinking before clicking, and communicating with IT professionals can significantly reduce the risk. With cybercriminals getting more tech-savvy and ingenious, staying informed and attentive is our best defense.