Cybersecurity experts have warned of a sophisticated phishing campaign targeting senior finance professionals on LinkedIn. The scam lures them into fake executive board membership opportunities, which are used to steal Microsoft login credentials through disguised phishing pages.
According to a report by Push Security, the attack starts via a direct message from what appears to be a legitimate LinkedIn profile. It purports to be an ‘exclusive invitation’ to serve on the executive board of some fictional Commonwealth investment fund in partnership with a company called AMCO. It sounds like a professional pitch and an offer most executives would never want to pass up.
The attackers then send a link to a supposed ‘proposal document’ that recipients must review to accept the position. Once clicked, the link redirects through Google Search results, then to an attacker-controlled website, and finally to a landing page hosted on Firebase Storage, a legitimate Google-owned service often exploited for such scams.
Victims who follow the trail land on a spoofed Microsoft login page that looks identical to the real one. This is an adversary-in-the-middle (AitM) technique: the spoofed page sits between the user and the genuine login service and intercepts whatever is typed in real time. If a user enters their Microsoft credentials, they are captured immediately, giving the attackers access to sensitive corporate accounts and potentially to the wider environment those accounts unlock.
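The redirect chain described above (Google hop, attacker-controlled site, Firebase Storage landing page) is a pattern a defender can triage from proxy or browser telemetry. The script below is an added example, not code from the Push Security report; the hostnames in its sample chain are constructed placeholders, and the login-lure tokens and exact Google URL form are assumptions.

```python
# Added example: heuristic triage of an observed redirect chain for the
# LinkedIn -> Google -> attacker site -> Firebase Storage pattern.
# Sample hostnames are constructed placeholders, not indicators from the report.
from urllib.parse import urlparse

# Hosts expected early in a chain that starts from a LinkedIn direct message.
TRUSTED_INTERMEDIATES = {"www.linkedin.com", "lnkd.in", "www.google.com", "google.com"}
GOOGLE_HOSTS = {"www.google.com", "google.com"}
# Legitimate public hosting the report says is abused for the final landing page.
ABUSED_HOSTING = {"firebasestorage.googleapis.com"}
# Wording a spoofed Microsoft login / "proposal document" page is likely to carry (assumed).
LOGIN_LURE_TOKENS = ("login", "signin", "microsoft", "office", "sharepoint", "proposal")


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def chain_signals(chain: list[str]) -> set[str]:
    """Return the campaign-pattern signals seen in a redirect chain (empty set = none).
    chain is ordered: first entry is the clicked link, last is the page that rendered."""
    hosts = [host_of(u) for u in chain]
    last = urlparse(chain[-1])
    signals = set()
    if hosts[-1] in ABUSED_HOSTING:
        signals.add("abused_hosting")
    tail = (last.path + "?" + last.query).lower()
    if any(tok in tail for tok in LOGIN_LURE_TOKENS):
        signals.add("login_lure")
    # A Google hop followed by an unrelated host: the link was bounced through Google
    # (the report describes a redirect via Google Search results; exact URL form assumed).
    for prev, nxt in zip(hosts, hosts[1:]):
        if prev in GOOGLE_HOSTS and nxt not in TRUSTED_INTERMEDIATES:
            signals.add("google_bounce")
            break
    return signals


def looks_like_campaign(chain: list[str]) -> bool:
    """Firebase hosting alone is common for legitimate apps, so require a second signal."""
    signals = chain_signals(chain)
    return "abused_hosting" in signals and len(signals) >= 2


if __name__ == "__main__":
    # Constructed sample mirroring the described chain.
    sample = [
        "https://www.google.com/url?q=https://board-proposal.example/review",
        "https://board-proposal.example/review",
        "https://firebasestorage.googleapis.com/v0/b/example-bucket/o/proposal-login.html",
    ]
    print(sorted(chain_signals(sample)), looks_like_campaign(sample))
```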
Push Security says the campaign is unusually sophisticated because it uses both CAPTCHA and Cloudflare Turnstile to stop security scanners from reaching or analyzing the malicious sites, a tactic often seen in high-end cyber operations.
Experts say the shift from email phishing to social media-based attacks is an evolution in how threat actors target professionals. “Just because the attack happens on LinkedIn doesn’t make it less dangerous,” Push Security stated, adding, “Compromising a Microsoft or Google account can expose core business data and downstream apps via SSO.”
Organizations are now being urged to educate employees about social media threats and adopt multi-factor authentication to mitigate risks. With attackers mixing professionalism and deception, even the most careful LinkedIn users could find themselves one click away from compromise.