How Smart Links Attacks Target Microsoft Accounts

Smart links are a feature of LinkedIn that allows users to share and track content with their contacts. However, hackers have found a way to abuse this feature to launch phishing attacks that aim to steal Microsoft account credentials. In this article, we will explain how smart links attacks work and how to protect yourself from them.

What are smart links?

Smart links are links that use the LinkedIn domain and a unique code to direct users to a content page hosted by LinkedIn. The content page can contain up to 15 documents, such as PDFs, images, or videos, that can be viewed or downloaded by the recipients. Smart links are mainly used by LinkedIn Sales Navigator and Enterprise users for marketing and tracking purposes. They can see who viewed or downloaded their content, how long they spent on each document, and other engagement metrics.

How are smart links abused for phishing?

Hackers have discovered that they can use smart links to bypass email security products and evade detection. They create or compromise LinkedIn business accounts and use them to generate malicious smart links that redirect users to phishing pages. The phishing pages look like legitimate Microsoft login portals and ask users to enter their email and password. The hackers can then use the stolen credentials to access the victims’ Microsoft accounts and services, such as Outlook, OneDrive, or Teams.

The hackers use various email lures to trick users into clicking on the smart links. Some of the common themes are:


The emails appear to come from legitimate sources, such as banks, colleagues, or LinkedIn itself. They use social engineering techniques to create a sense of urgency or curiosity in the recipients. For example, they may claim that there is a problem with their account, that they have received a new document, or that they need to verify their identity.

The smart links have several advantages for the hackers:

How to protect yourself from smart links attacks?

Smart links attacks are not new. They have been reported as early as 2022 by security researchers¹². However, they have resurfaced in 2023 with a large-scale campaign targeting various industries¹. Therefore, it is important to be aware of this threat and take precautions to avoid falling victim to it.

Here are some tips to protect yourself from smart links attacks: