Phishing campaign targets finance executives with fake LinkedIn board invites
Summary
A phishing campaign is targeting finance executives via LinkedIn, using fake board invitations to steal Microsoft credentials. The attack begins with a LinkedIn message containing a malicious link. The campaign uses multiple redirects, including a Google open redirect and a custom landing page hosted on Firebase. The final stage involves a fake Microsoft login page designed to capture credentials and session cookies. The campaign was detected by Push Security, which observed an increase in phishing attempts through online services like LinkedIn. This is the second such campaign targeting executives on LinkedIn in the past six weeks.
Timeline
- 30.10.2025 15:00 · 1 article
  Phishing campaign targets finance executives with fake LinkedIn board invites
  A phishing campaign targeting finance executives via LinkedIn was detected. The attack begins with a LinkedIn message containing a malicious link and uses multiple redirects, including a Google open redirect and a custom landing page hosted on Firebase. The final stage involves a fake Microsoft login page designed to capture credentials and session cookies. This is the second such campaign targeting executives on LinkedIn in the past six weeks.
  - LinkedIn phishing targets finance execs with fake board invites — www.bleepingcomputer.com — 30.10.2025 15:00
Information Snippets
- The phishing campaign targets finance executives with fake board invitations on LinkedIn.
  First reported: 30.10.2025 15:00 · 1 source, 1 article
  - LinkedIn phishing targets finance execs with fake board invites — www.bleepingcomputer.com — 30.10.2025 15:00
- The attack begins with a LinkedIn message containing a malicious link.
  First reported: 30.10.2025 15:00 · 1 source, 1 article
  - LinkedIn phishing targets finance execs with fake board invites — www.bleepingcomputer.com — 30.10.2025 15:00
- The campaign uses multiple redirects, including a Google open redirect and a custom landing page hosted on Firebase.
  First reported: 30.10.2025 15:00 · 1 source, 1 article
  - LinkedIn phishing targets finance execs with fake board invites — www.bleepingcomputer.com — 30.10.2025 15:00
- The final stage involves a fake Microsoft login page designed to capture credentials and session cookies.
  First reported: 30.10.2025 15:00 · 1 source, 1 article
  - LinkedIn phishing targets finance execs with fake board invites — www.bleepingcomputer.com — 30.10.2025 15:00
- Push Security detected the campaign and noted an increase in phishing attempts through online services.
  First reported: 30.10.2025 15:00 · 1 source, 1 article
  - LinkedIn phishing targets finance execs with fake board invites — www.bleepingcomputer.com — 30.10.2025 15:00
- This is the second such campaign targeting executives on LinkedIn in the past six weeks.
  First reported: 30.10.2025 15:00 · 1 source, 1 article
  - LinkedIn phishing targets finance execs with fake board invites — www.bleepingcomputer.com — 30.10.2025 15:00
- The phishing messages claim to be invitations to join the executive board of a new investment fund.
  First reported: 30.10.2025 15:00 · 1 source, 1 article
  - LinkedIn phishing targets finance execs with fake board invites — www.bleepingcomputer.com — 30.10.2025 15:00
- The campaign uses domains with uncommon top-level domains (TLDs) such as .icu and .com.
  First reported: 30.10.2025 15:00 · 1 source, 1 article
  - LinkedIn phishing targets finance execs with fake board invites — www.bleepingcomputer.com — 30.10.2025 15:00
- The phishing pages use Cloudflare Turnstile CAPTCHA to block automated scanners.
  First reported: 30.10.2025 15:00 · 1 source, 1 article
  - LinkedIn phishing targets finance execs with fake board invites — www.bleepingcomputer.com — 30.10.2025 15:00