ClickCease LinkedIn Smartlinks Attacks Target Microsoft Accounts

Content Table

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

LinkedIn Smartlinks Attacks Target Microsoft Accounts

Wajahat Raja

October 25, 2023 - TuxCare expert team

In the ever-evolving landscape of cybersecurity threats, hackers have once again employed a cunning strategy by exploiting LinkedIn’s Smart Links in phishing attacks, aiming to steal Microsoft account credentials. These sophisticated LinkedIn Smartlinks attacks not only allow cybercriminals to bypass security measures but also evade detection effectively.


LinkedIn Smartlinks Exploits

LinkedIn’s Smart Links are an integral component of its Sales Navigator service, typically used for marketing and tracking purposes. They enable business accounts to distribute content via trackable links, offering insights into user engagement. These links, comprising LinkedIn’s domain and an eight-character code parameter, give the appearance of originating from a trustworthy source, effectively circumventing email protection mechanisms. Therefore, implementing
proactive security measures and adhering to online security best practices is crucial for safeguarding your digital presence.

Previous Exploitations

This misuse of
LinkedIn’s Smart Links is not a novel tactic. In late 2022, cybersecurity firm Cofense uncovered a similar technique in a campaign targeting Slovakian users. The attackers employed bogus postal service lures, underlining the potential dangers posed by such manipulations.

A New Wave of Attacks

More recently, email security experts have witnessed a surge in the abuse of LinkedIn Smart Links. The alarming
Microsoft account targeting scheme transpired between July and August 2023 and involved over 800 emails with diverse subjects. These deceptive emails led unsuspecting recipients to phishing pages, which were meticulously designed to steal valuable Microsoft account credentials. 

The Anatomy of the Attack

The attackers behind this campaign, which leveraged 80 unique Smart Links, often used newly created or compromised LinkedIn business accounts to carry out their nefarious deeds. Notably, this latest campaign cast a wide net, with the most heavily targeted sectors encompassing finance, manufacturing, energy, construction, and

Despite the high volume of attacks on finance and manufacturing sectors, it’s important to understand that this campaign was not a direct assault on any specific business or industry. Instead, it sought to amass as many credentials as possible by employing LinkedIn business accounts and Smart Links to facilitate the attacks.

Luring Targets

To entice their targets, the attackers sent emails with subjects related to payments, human resources, documents, security notifications, and other convincing topics. The embedded link or button within these emails triggered a sequence of redirects, all originating from a seemingly “trustworthy” LinkedIn Smart Link.

To add an additional layer of authenticity to the phishing process, the Smart Link sent to victims was customized to include the target’s email address. This clever ruse allowed the phishing page to automatically populate the email field, requiring the victim only to input their password, mirroring the experience of a legitimate login portal.

The phishing page itself cunningly mimics a standard Microsoft login portal rather than a bespoke, company-specific design. While this tactic broadens the campaign’s potential victim pool, individuals well-acquainted with their organization’s unique login portals may remain cautious.

Educating Users: A Critical Defense


In the face of such social engineering attacks, it is paramount to educate users about the importance of not relying solely on email security tools to thwart these malicious attempts. Phishing actors are increasingly adopting tactics that exploit legitimate services to circumvent these protections. Employing robust phishing prevention measures is essential to thwart cyber threats and protect your sensitive information.


The exploitation of LinkedIn Smart Links in phishing campaigns represents a concerning trend in cyberattacks. By abusing these seemingly innocuous features, threat actors can cast a wide net, targeting users in various industries.
Protecting LinkedIn and Microsoft accounts is essential in today’s interconnected digital landscape.


As the landscape of cybersecurity threats continues to evolve, the importance of user education and vigilance cannot be overstated. It is crucial to remain proactive in safeguarding sensitive information and recognizing the subtle tricks that malicious actors employ to compromise security.

LinkedIn Smartlinks Attacks Target Microsoft Accounts
Article Name
LinkedIn Smartlinks Attacks Target Microsoft Accounts
Stay informed about the latest threats! Learn how LinkedIn Smartlinks attacks target Microsoft accounts and ensure your online security.
Publisher Name
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started




Linux & Open Source

Subscribe to
our newsletter