Cybercriminals exploit LinkedIn DMs with fake investment invites to steal Microsoft credentials

HIGHLIGHTS

Attackers pose as investment firm reps inviting executives to join a fake “Commonwealth Investment Fund.”

The scam redirects victims through multiple sites to a fake Microsoft login page hosted on Firebase.

Push Security warns that phishing is shifting from email to social media, exploiting user trust on LinkedIn.


LinkedIn has become the latest hunting ground for cybercriminals. A newly uncovered phishing campaign is targeting finance leaders on the professional networking platform in an attempt to steal their Microsoft login credentials. The campaign, discovered by cybersecurity firm Push Security, is a high-risk LinkedIn phishing attack aimed at high-value corporate users. Unlike traditional phishing emails, this attack uses LinkedIn direct messages to appear more authentic and trustworthy.


Here’s what we know

How the scam works

According to Push Security, the attackers initiate contact through a legitimate-looking LinkedIn profile, posing as representatives of an investment firm. The message invites executives to join the “Executive Board of the Commonwealth Investment Fund,” described as a new venture capital fund in partnership with a fictitious company called AMCO Asset Management.

The message, written in a professional tone, promises prestige and an exclusive opportunity — an enticing offer for senior professionals. However, the message also includes a link to a document that the recipient is asked to review before accepting the supposed board position.

Clicking the link triggers a chain of redirects, first through Google Search results, then to an attacker-controlled site, and finally to a landing page hosted on firebasestorage.googleapis[.]com. From there, users are prompted to “view the document with Microsoft.”

This step leads victims to a fake Microsoft login page, designed to imitate the real one perfectly. Once the credentials are entered, the details are instantly stolen by the attackers. The firm noted that the attackers have taken extra measures to evade detection. The malicious pages are protected with CAPTCHA and Cloudflare Turnstile, preventing automated security tools from flagging or scanning them.
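One way a defender could triage an observed redirect chain for the pattern described above, written here as an added example rather than code from Push Security or the article. It assumes the Google hop is an automatic redirect captured by a URL sandbox or proxy (not a user click), and the allow-list of Microsoft sign-in hosts and the lure phrases are assumptions for the example.

```python
from urllib.parse import urlparse

# Assumed allow-list of hosts where a Microsoft sign-in page legitimately lives.
MICROSOFT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
# Shared hosting named in the Push Security report as the landing-page host.
SHARED_STORAGE_HOSTS = {"firebasestorage.googleapis.com"}
# Lure phrase from the report plus a generic Microsoft sign-in string (assumed).
LURE_MARKERS = ("view the document with microsoft", "sign in to your account")


def is_google(host):
    return host == "google.com" or host.endswith(".google.com")


def analyze_chain(chain):
    """chain: [(url, page_text), ...] hops in the order the browser was redirected.
    Returns a list of human-readable findings; an empty list means nothing matched."""
    findings = []
    hosts = [urlparse(url).hostname or "" for url, _ in chain]
    # 1. A Google hop that bounces straight to a non-Google host: redirector abuse.
    for i in range(len(hosts) - 1):
        if is_google(hosts[i]) and not is_google(hosts[i + 1]):
            findings.append(f"google redirect hop -> {hosts[i + 1]}")
    # 2. The chain ends on shared storage, where anyone can upload arbitrary HTML.
    final_host, final_text = hosts[-1], chain[-1][1].lower()
    if final_host in SHARED_STORAGE_HOSTS:
        findings.append(f"landing page on shared storage host {final_host}")
    # 3. Microsoft-branded sign-in text served from a host that is not Microsoft's.
    if any(m in final_text for m in LURE_MARKERS) and final_host not in MICROSOFT_LOGIN_HOSTS:
        findings.append(f"microsoft sign-in lure on non-microsoft host {final_host}")
    return findings


# Constructed sample chains (not real indicators); .example hostnames are placeholders.
PHISHING_CHAIN = [
    ("https://www.google.com/search?q=board+invite", ""),
    ("https://docs-review.example/invite", ""),
    ("https://firebasestorage.googleapis.com/v0/b/placeholder-bucket/o/login.html",
     "Microsoft - Sign in to your account"),
]
BENIGN_CHAIN = [
    ("https://portal.example/doc", "View the document with Microsoft"),
    ("https://login.microsoftonline.com/common/oauth2/authorize",
     "Sign in to your account"),
]

if __name__ == "__main__":
    for name, chain in (("phishing", PHISHING_CHAIN), ("benign", BENIGN_CHAIN)):
        print(name, analyze_chain(chain))
```

The benign chain shows why the host check matters: the same sign-in wording on a genuine Microsoft host produces no finding.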

The cybersecurity firm warns that phishing attempts are increasingly shifting away from email to social media platforms like LinkedIn, where professionals are more trusting of peer communications.

“Just because the attack happens over LinkedIn doesn’t lessen the impact; these are corporate credentials being targeted,” Push Security cautioned. “Compromising a Microsoft or Google account can expose critical company data and any linked services accessed via single sign-on (SSO).”


Experts advise users to remain vigilant about unsolicited messages on professional platforms and verify the authenticity of all invitations or offers before clicking on links.

Himani Jha

Himani Jha is a tech news writer at Digit. Passionate about smartphones and consumer technology, she has contributed to leading publications such as Times Network, Gadgets 360, and Hindustan Times Tech for the past five years.
