[update] A new dark marketing agency social engineering scam is gaining traction on LinkedIn, and not only there...

I've published a small basic research on phishing circulating over LinkedIn via hacked/owned old accounts, that are cloaked to show as legit and searching for Facebook marketing companies, to which they send viruses masked as "project details file". The article is available here .

This trend has continued in recent months, and I know at least three agencies have been hacked this way. Interestingly, one of the last times I communicated with such a phishing actor, he/she was pushing the communication toward WhatsApp, where the same "document sending" occurred.

Also, at that moment, I wrote, "Why are you sending these viruses" In a few minutes, LinkedIn killed this account. This sparked a light of hope as it seems LI have implemented some automatic scrutiny (I wonder how good this is for the privacy of the messages exchanged between LinkedIn members, but this is another topic).

There is some profiling undergoing, as I started to get similar manually submitted messages passing over a captcha with similar content and a fresh (registered 2 days ago) fake domain:

The pattern is the same, and I am convinced a group of malicious actors are exploring Facebook advertising as a possible attack vector by opening the infected PC and controlling it remotely to steal information from active user sessions, bypassing 2fa and entering passwords.

So, be aware that this type of attack is up to date, and evolving to Whatsapp as a channel to distribute the virus and add additional "fake credibility" for the phishing profile.

I am pretty sure these people will meet you live over WhatsApp and try to collect further information through social engineering about how you work and possible weak points, so make sure that you have run detailed due diligence on the proposals like the one above before you even reply to their request.

In the above email example, just the e-mail and the Whatsapp number are fake (barbour-global.com is registered two days prior to the attack):

Classic phishing attack, but many fresh and unexperienced or au contraire - large agencies used to such budgets can easily fall in such trap exposing their company to malicious activities.

Be careful and share this and the other article on the topic with your fellow agency managers :)