[{"data":1,"prerenderedAt":276},["ShallowReactive",2],{"application-flags":3,"navbar":7,"always-visible-banner":36,"navbar-about-highlight":108,"navbar-resource-highlight":182,"press-pages-/news/push-security-identifies-linkedin-phishing-campaign":226},[4],{"name":5,"enabled":6},"maintenanceMode",false,[8],{"createdDate":9,"id":10,"name":11,"modelId":12,"published":13,"query":14,"data":15,"variations":20,"lastUpdated":21,"firstPublished":22,"testRatio":23,"createdBy":24,"lastUpdatedBy":25,"folders":26,"meta":27,"rev":35},1742208588866,"1c7a4e423bf54ac1a328bb4063459ef2","Banner","1c6207a5f24948ab82d4a0b17f251193","published",[],{"type":16,"url":17,"text":18,"link":19},"web-banner","https://pushsecurity.com/resources/browser-attacks-report","Get our latest report analyzing browser attack techniques in 2026",{},{},1774258294825,1742208637545,1,"CydmZnOWU1XuAaLhEDCoYNM4Z8W2","jKjF9r5jcvXU8tzZEfFQm31Iyvr2",[],{"kind":28,"lastPreviewUrl":29,"breakpoints":30,"hasAutosaves":34},"data","",{"xsmall":31,"small":32,"medium":33},320,640,768,true,"ga0kpxjhh76",{"createdDate":37,"id":38,"name":39,"modelId":40,"published":13,"stageModifiedSincePublish":6,"query":41,"data":42,"variations":97,"lastUpdated":98,"firstPublished":99,"testRatio":23,"createdBy":100,"lastUpdatedBy":101,"folders":102,"meta":103,"rev":107},1774965361051,"fd266d0172cc47429be7ad10f48c99ad","always visible banner","0678d178ec8b41efb8a23c09dba7874d",[],{"ctaText":43,"text":44,"url":29,"blocks":45,"state":93},"ewrererw","testrfesssssssssss",[46,73,81],{"@type":47,"@version":48,"id":49,"component":50,"responsiveStyles":63},"@builder.io/sdk:Element",2,"builder-ca12c06a52de41d7b8743da53118cd38",{"name":51,"tag":51,"options":52,"isRSC":62},"TopBannerContent",{"text":53,"ctaText":54,"url":55,"mainText":56,"cta":59},"New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks","Save Your Spot","https://pushsecurity.com/webinar/state-of-browser-security",{"content":57,"fontSize":58},"\u003Cp>Meet Push's browser security experts at BlackHat 2026.\u003C/p>","text-base",{"content":60,"fontSize":58,"url":61},"\u003Cp>Book a meeting →\u003C/p>","https://pushsecurity.com/events/blackhat-2026-meeting",null,{"large":64},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"marginTop":70,"marginBottom":70,"fontSize":71,"fontWeight":72},"flex","column","relative","0","border-box",".56rem","1.125rem","700",{"@type":47,"@version":48,"id":74,"component":75,"responsiveStyles":79},"builder-a2e1f4b9f30b464bb814d7f5de5b0aa7",{"name":76,"options":77,"isRSC":62},"Custom Code",{"code":78,"scriptsClientOnly":6},"\u003Cstyle>\n  .top-banner.bg-web-orange{background:rgb(114, 79, 255);}\n\u003C/style>\n",{"large":80},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"id":82,"@type":47,"tagName":83,"properties":84,"responsiveStyles":88},"builder-pixel-o503s4fpvk","img",{"src":85,"aria-hidden":86,"alt":29,"role":87,"width":68,"height":68},"https://cdn.builder.io/api/v1/pixel?apiKey=f3a1111ff5be48cdbb123cd9f5795a05","true","presentation",{"large":89},{"height":68,"width":68,"display":90,"opacity":68,"overflow":91,"pointerEvents":92},"block","hidden","none",{"deviceSize":94,"location":95},"large",{"path":29,"query":96},{},{},1783541846936,1774968080803,"ST0tXQM8slWpFrmioqKHmENB2qe2","kYgMv6WsbvfmlOUYqR2SFwGzw6e2",[],{"kind":104,"lastPreviewUrl":105,"hasLinks":6,"breakpoints":106,"hasErrors":6,"hasAutosaves":6},"component","https://pushsecurity.com/?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=always-visible-banner&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.always-visible-banner=fd266d0172cc47429be7ad10f48c99ad&builder.overrides.fd266d0172cc47429be7ad10f48c99ad=fd266d0172cc47429be7ad10f48c99ad&builder.options.locale=Default",{"xsmall":31,"small":32,"medium":33},"kyujw1aptq",[109,145],{"createdDate":110,"id":111,"name":112,"modelId":113,"published":13,"stageModifiedSincePublish":6,"query":114,"data":115,"variations":138,"lastUpdated":139,"firstPublished":140,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":141,"meta":142,"rev":144},1776247359804,"9136a8f18b3b4a6ba29b8653a99372b1","testimonial-inductive-automation","20d9eaa352304613b3d1a794b400703d",[],{"link":116,"type":117,"testimonialLink":118,"testimonial":119},{},"testimonial","/customer-stories/inductive-automation",{"@type":120,"id":121,"model":117,"value":122},"@builder.io/core:Reference","f028f2b685bb47cd8bf9e82a26dd5a79",{"query":123,"folders":124,"createdDate":125,"id":121,"name":126,"modelId":127,"published":13,"data":128,"variations":132,"lastUpdated":133,"firstPublished":134,"testRatio":23,"createdBy":100,"lastUpdatedBy":100,"meta":135,"rev":137},[],[],1735823466309,"We found Push to be more accurate when compared to competitors and the browser agent offered features that others couldn’t match.","42035571a56940ac98bff4544aa79aa5",{"author":129,"jobTitle":130,"quote":126,"image":131},"Jason Waits","\u003Cp>CISO at Inductive Automation\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Ff04c0c0689ce4a89ac0f0708d78c0a07",{},1735910703862,1735823501152,{"kind":28,"lastPreviewUrl":29,"breakpoints":136,"hasAutosaves":34},{"small":32,"medium":33},"e8bsg4qrgtu",{},1776247404986,1776247404973,[],{"breakpoints":143,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},"g9lqcuxphw7",{"createdDate":146,"id":147,"name":148,"modelId":113,"published":13,"meta":149,"stageModifiedSincePublish":6,"query":151,"data":152,"variations":178,"lastUpdated":179,"firstPublished":180,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":181,"rev":144},1776255761419,"05a9322735fc427db12e2740e4302300","Report: 2026 Browser Attack Techniques",{"breakpoints":150,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},[],{"testimonial":153,"link":172,"type":175,"title":148,"description":176,"image":177},{"@type":120,"id":154,"model":117,"value":155},"192acbb1f9ca4cac918c0ec435a8bae3",{"query":156,"folders":157,"createdDate":158,"id":154,"name":159,"modelId":127,"published":13,"data":160,"variations":166,"lastUpdated":167,"firstPublished":168,"testRatio":23,"createdBy":100,"lastUpdatedBy":24,"meta":169,"rev":171},[],[],1728981467463,"Push does for identity what CrowdStrike did for the endpoint",{"video":161,"jobTitle":162,"author":163,"qoute":29,"quote":164,"image":165},"https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8b30e8ca50064058bbaef0f3c6164575%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=8b30e8ca50064058bbaef0f3c6164575&alt=media&optimized=true","\u003Cp>Deputy CISO at Microsoft\u003C/p>\u003Cp>Former LinkedIn, Slack, Palantir\u003C/p>","Geoff Belknap","Push does for identity what CrowdStrike did for the endpoint.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F748f0ad0a5064a00a13f4721fcc8dea1",{},1742902158597,1728981782923,{"kind":28,"lastPreviewUrl":29,"breakpoints":170,"hasAutosaves":34},{"small":32,"medium":33},"ulhc0im1hfo",{"text":173,"url":174},"Download now","/resources/browser-attacks-report","resource","Learn about the latest techniques being used in the wild.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b4a5ebf81d64e8c9d7fc35f6c96c4a9",{},1776255810913,1776255810900,[],[183,205],{"createdDate":184,"id":185,"name":148,"modelId":186,"published":13,"meta":187,"stageModifiedSincePublish":6,"query":189,"data":190,"variations":200,"lastUpdated":201,"firstPublished":202,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":203,"rev":204},1776256900280,"1f429607996e4e5fae8fe3f9b9610e55","4829faa81e7c4ee8bd2d000e160e8d3c",{"breakpoints":188,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},[],{"testimonial":191,"link":199,"type":175,"title":148,"description":176,"image":177},{"@type":120,"id":154,"model":117,"value":192},{"query":193,"folders":194,"createdDate":158,"id":154,"name":159,"modelId":127,"published":13,"data":195,"variations":196,"lastUpdated":167,"firstPublished":168,"testRatio":23,"createdBy":100,"lastUpdatedBy":24,"meta":197,"rev":171},[],[],{"video":161,"jobTitle":162,"author":163,"qoute":29,"quote":164,"image":165},{},{"kind":28,"lastPreviewUrl":29,"breakpoints":198,"hasAutosaves":34},{"small":32,"medium":33},{"text":173,"url":174},{},1776256937553,1776256937540,[],"xggsv10v1q9",{"createdDate":206,"id":207,"name":208,"modelId":186,"published":13,"stageModifiedSincePublish":6,"query":209,"data":210,"variations":220,"lastUpdated":221,"firstPublished":222,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":223,"meta":224,"rev":204},1776256949234,"ce043785b71b4ece98eac811ecf4ba10","inductive-automation",[],{"link":211,"type":117,"testimonial":212,"testimonialLink":118},{},{"@type":120,"id":121,"model":117,"value":213},{"query":214,"folders":215,"createdDate":125,"id":121,"name":126,"modelId":127,"published":13,"data":216,"variations":217,"lastUpdated":133,"firstPublished":134,"testRatio":23,"createdBy":100,"lastUpdatedBy":100,"meta":218,"rev":137},[],[],{"author":129,"jobTitle":130,"quote":126,"image":131},{},{"kind":28,"lastPreviewUrl":29,"breakpoints":219,"hasAutosaves":34},{"small":32,"medium":33},{},1776256974140,1776256974130,[],{"breakpoints":225,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},{"createdDate":227,"id":228,"name":229,"modelId":230,"published":13,"stageModifiedSincePublish":6,"query":231,"data":237,"variations":265,"lastUpdated":266,"firstPublished":267,"testRatio":23,"screenshot":268,"createdBy":269,"lastUpdatedBy":269,"folders":270,"meta":271,"rev":275},1761751202674,"173e91572a2f465da724069aeffeeda5","PR20251030 LinkedIn Phishing Campaign","f4b8a13df871497bb5e61c4707cfc5e5",[232],{"@type":233,"property":234,"operator":235,"value":236},"@builder.io/core:Query","urlPath","is","/news/push-security-identifies-linkedin-phishing-campaign",{"seoTitle":238,"date":239,"seoDescription":240,"image":241,"title":242,"themeId":6,"blocks":243,"url":236,"state":259},"Push Security Sees Increase in Sophisticated LinkedIn-based Phishing Campaigns","Thu Oct 30 2025 00:00:00 GMT-0700 (Pacific Daylight Time)","Push Security finds attackers are increasingly chaining legitimate Google and Microsoft services to mask phishing lures, bypassing traditional detection methods","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb48d2f175ee84d8d9cf50c519fdf25d3","Push Security Identifies Surge in Sophisticated LinkedIn-based Phishing Campaigns",[244,254],{"@type":47,"@version":48,"id":245,"component":246,"responsiveStyles":250},"builder-bfe77aa6bb5c43cfb4eeebd21e77f6a8",{"name":247,"options":248,"isRSC":62},"Text",{"text":249},"\u003Cp>\u003Cem>Attackers are increasingly chaining legitimate Google and Microsoft services to mask phishing lures, bypassing traditional detection methods\u003C/em>\u003C/p>\u003Cp>BOSTON — Oct. 30, 2025 — Push Security, a leader in browser-based detection and response, today announced the \u003Ca href=\"https://pushsecurity.com/blog/new-phishing-campaign-identified-targeting-linkedin-users\" rel=\"noopener noreferrer\" target=\"_blank\">discovery of a LinkedIn-based phishing campaign \u003C/a>that reflects a broader and accelerating trend: attackers are moving beyond email to target business users through social platforms like LinkedIn, while leveraging legitimate cloud services to disguise their attacks.\u003C/p>\u003Cp>In this latest campaign, intercepted by Push’s browser-native security platform, the attackers used a complex series of redirects through trusted Google and Microsoft services — including Google Search, Firebase, and Microsoft Dynamics — before landing victims on a credential-stealing page impersonating Microsoft.\u003C/p>\u003Cp>“Phishing attacks are no longer confined to the inbox,” said Adam Bateman, CEO of Push Security. “Attackers are meeting employees everywhere they work and communicate — including apps like LinkedIn — and they’re hiding in plain sight behind trusted domains that traditional defenses are programmed to ignore.”\u003C/p>\u003Cp>\u003Cstrong>A Growing Trend: LinkedIn as a Phishing Channel\u003C/strong>\u003C/p>\u003Cp>Push’s researchers have observed a sharp increase in phishing lures sent through **LinkedIn direct messages, exploiting the fact that the platform is widely used for legitimate professional outreach but falls outside the visibility of traditional enterprise email security tools. This is the \u003Ca href=\"https://pushsecurity.com/blog/how-push-stopped-a-high-risk-linkedin-spear-phishing-attack/\" rel=\"noopener noreferrer\" target=\"_blank\">second LinkedIn-targeted campaign\u003C/a> identified by Push in recent months, suggesting that attackers are increasingly viewing the platform as a reliable route to reach high-value targets such as executives, sales leaders, and hiring managers.\u003C/p>\u003Cp>Because LinkedIn sits outside enterprise phishing filters and other traditional cybersecurity solutions, attackers are able to initiate contact, send malicious links, and socially engineer victims with fewer barriers,” said Jacques Louw, chief product officer at Push Security. “The result is a blind spot in enterprise visibility and control, leaving employees exposed even on devices managed by corporate IT.\u003C/p>\u003Cp>\u003Cstrong>Legitimate Services Used to Evade Detection\u003C/strong>\u003C/p>\u003Cp>In this campaign, the attackers used a multi-layered redirect chain involving legitimate cloud services — such as Google Sites, Google Search, Firebase, and Microsoft Dynamics — to mask the destination of malicious links. By embedding redirects through reputable domains, attackers can dramatically reduce the likelihood of their links being flagged or blocked by automated tools.\u003C/p>\u003Cp>Attackers also deployed \u003Ca href=\"https://www.cloudflare.com/application-services/products/turnstile/\" rel=\"noopener noreferrer\" target=\"_blank\">Cloudflare Turnstile bot protection\u003C/a> to prevent automated analysis of their phishing sites, and used page obfuscation techniques — randomizing visual elements, titles, and code structures — to defeat detection signatures.\u003C/p>\u003Cp>“These tactics are becoming increasingly common in the phishing ecosystem and reflect just how well attackers understand how modern defenses operate,” said Louw. “We’re seeing adversaries take advantage of the trust placed in legitimate services like Google and Microsoft to build redirect chains that hide their activity. This level of sophistication means phishing is becoming increasingly difficult to detect and stop for most organizations.”\u003C/p>\u003Cp>\u003Cstrong>From LinkedIn Chat to Credential Theft\u003C/strong>\u003C/p>\u003Cp>The attack sequence began with a LinkedIn direct message containing a seemingly benign link. After a series of redirects through legitimate platforms, the victim was presented with a Microsoft-branded “view document” page protected by a Cloudflare Turnstile challenge. Once completed, the victim was served an adversary-in-the-middle (AiTM) phishing page designed to steal the user’s Microsoft session, bypassing controls like MFA.\u003C/p>\u003Cp>The rise of social media–delivered phishing campaigns underscores a broader shift in attacker strategy. As defenses around corporate email improve, adversaries are turning to less-guarded communication channels — and coupling them with legitimate cloud services — to maximize reach and minimize detection.\u003C/p>\u003Cp>Push researchers expect this trend to continue, with future phishing operations blending across channels and platforms that sit outside traditional enterprise security visibility.\u003C/p>\u003Cp>\u003Cstrong>Push Security’s Advantage: Real-Time, Browser-Based Detection\u003C/strong>\u003C/p>\u003Cp>Push Security detected and blocked the attack in real time by identifying the malicious activity in the user’s browser session—where the attack actually unfolds—rather than relying on URL reputation, email scanning, or threat intelligence feeds.\u003C/p>\u003Cp>“These campaigns show how attackers are bypassing every traditional control point — email gateways, link scanners, domain filters — by abusing the same trusted tools that enterprises rely on,” said Louw. “Push protects users in real-time in the browser, no matter how or where malicious content reaches the user.”\u003C/p>\u003Cp>Push’s browser-native platform identifies and blocks a wide range of browser-based attacks, including AiTM phishing, credential stuffing, session hijacking, and password reuse. Beyond detection, Push also helps organizations harden their identity attack surface by uncovering security gaps such as unmanaged logins, weak MFA coverage, and risky OAuth integrations.\u003C/p>\u003Cp>For more details on this campaign, check out our \u003Ca href=\"https://pushsecurity.com/blog/new-phishing-campaign-identified-targeting-linkedin-users\" rel=\"noopener noreferrer\" target=\"_blank\">research blog post here\u003C/a>.\u003C/p>\u003Cp>\u003Cstrong>About Push Security\u003C/strong>\u003C/p>\u003Cp>Push Security is the secure enterprise browser extension for security teams. Founded by red team and blue team experts, Push combines high-fidelity browser telemetry, real-time control, and autonomous agents to stop advanced attacks, secure AI usage, harden identities, and prevent data loss — all from your users’ existing browsers, no migration required. Push is backed by Decibel, GV (Google Ventures), Redpoint Ventures, Datadog Ventures, B3 Capital and other notable angel investors. For more information, visit \u003Ca href=\"https://pushsecurity.com/\" rel=\"noopener noreferrer\" target=\"_blank\">https://pushsecurity.com\u003C/a> or follow \u003Ca href=\"http://x.com/pushsecurity\" rel=\"noopener noreferrer\" target=\"_blank\">@pushsecurity\u003C/a>.\u003C/p>",{"large":251},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"lineHeight":252,"height":253},"normal","auto",{"id":255,"@type":47,"tagName":83,"properties":256,"responsiveStyles":257},"builder-pixel-ed6yd9q5a25",{"src":85,"aria-hidden":86,"alt":29,"role":87,"width":68,"height":68},{"large":258},{"height":68,"width":68,"display":90,"opacity":68,"overflow":91,"pointerEvents":92},{"deviceSize":94,"location":260},{"pathname":236,"path":261,"query":264},[262,263],"news","push-security-identifies-linkedin-phishing-campaign",{},{},1778019828396,1761825760362,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Ff2be5f689d9046d19233a6c044ed35c6","rGmJFEtPqFbC0o3fwsbG5B9aNv03",[],{"hasLinks":6,"kind":272,"lastPreviewUrl":273,"breakpoints":274,"hasAutosaves":6},"page","https://pushsecurity.com/news/push-security-identifies-linkedin-phishing-campaign?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=press-pages&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.press-pages=173e91572a2f465da724069aeffeeda5&builder.overrides.173e91572a2f465da724069aeffeeda5=173e91572a2f465da724069aeffeeda5&builder.overrides.press-pages:/news/push-security-identifies-linkedin-phishing-campaign=173e91572a2f465da724069aeffeeda5&builder.options.locale=Default",{"xsmall":31,"small":32,"medium":33},"c4gef8tamd",1784196735686]