top of page
OceanVertical

LinkedIn Scams Target Finance Leaders

  • marketing14560
  • Nov 5
  • 2 min read
linkedin invite phishing

An executive board role? On LinkedIn? Flattering. But behind that shiny title offer lies.

A linkedin scam phishing campaign aimed squarely at finance leaders and it's not sending any bonuses.


A campaign discovered by Push Security exploited LinkedIn direct‑messages to target finance executives, pretending to offer elite “Executive Board” roles in a fictional “Common Wealth” investment fund. Here’s how the scam unfolds:

  • The victim receives a LinkedIn message with a link.

  • Clicking the link triggers a chain of redirects: first via a Google open‑redirect, then to a site hosted on Firebase storage.

  • The landing page masquerades as a “LinkedIn Cloud Share” portal, containing supposed board docs. To view them, the user is asked to click “View with Microsoft”.

  • After solving a CAPTCHA (Cloudflare Turnstile) to defeat automated scanner detection, the user is presented with a fake Microsoft login page — but it’s actually a credential‑and‑session cookie harvesting page (an adversary‑in‑the‑middle (AITM) style attack).

  • Notably, 34% of phishing attempts from Push Security in the past month came through non‑email channels (LinkedIn and similar) — up from under 10% three months prior.


ree

What looks like a flattering opportunity becomes a clever phishing funnel targeting C‑suite credentials. It bypasses email defenses by using trusted platforms like LinkedIn and employs tools like CAPTCHA and fake login pages to steal credentials from high value targets.


The Takeaway


If you’re a finance executive or support one, treat unexpected LinkedIn board invitations with caution, inspect links and domains before clicking, and enable multi-factor authentication to block attackers even if credentials are compromised. Stay alert for suspicious redirects or CAPTCHA prompts, and make sure your team knows phishing now extends beyond email into professional networks.


Stay safe out there

-Mars


New Funnies!


What’s a phishers favorite type of music?

Classical but only when it's got a good hook.


Why did I ignore the “once-in-a-lifetime opportunity”?

Because it comes once every 20 minutes.


“I saw your post and was truly inspired.”

my last post was a cat meme from 2019.


What’s a phishers email’s favorite pickup line on LinkedIn?

“Hey there, beautiful. I have a secure PDF just for you.”

 
 
 

Comments

bottom of page