An ongoing phishing campaign is abusing a feature from LinkedIn called Smart Links in order to bypass some security filters.

Deviating from an earlier campaign whose focus was on extracting payment information, researchers at Cofense saw an increase in a campaign that abused Smart Links feature to phish out Microsoft credentials.

Attackers leveraged LinkedIn’s Smart Link feature to redirect recipients to a credential harvesting web page bypassing email security gateway.