Forged linkedin invitation phishing? How does it work?

Question

I get a steady stream of phishing emails but this one is really weird. I keep getting an email that appears extremely legitimate from Linkedin. I knew something was wrong with it however because it came to an address I do not use for Linkedin and moreover the person who was supposedly requesting the connection says she never sent it, so it would appear to be a forgery. The email address was known to my counterparty, so it is possible her computer is hacked and they vacuumed her email address book to get my address.

The only problem is that the clickable link in the email does appear to go to Linkedin. Here is the link (edited slight to invalidate the tokens):

https://www.linkedin.com/comm/start/accept-invitation?sharedKey=z65BZQRm&invitationId=6182181234249090451&trk=eml-first_guest_reminder_01-hero-2-accept_button&trkEmail=eml-first_guest_reminder_01-hero-2-accept_button-null-bsjb8a%7Fjwf76e8g%7E5g

Since this link does appear to be going to Linkedin (not the usual Russian proxy), how can the phisher possibly be using it?

Answer 1

If you have verified that this email actually comes from LinkedIn, then the spoofing is likely on the other side: somebody pretending to be your friend wanted to connect to you, possibly to better impersonate that friend or to otherwise traverse their (or your) professional networks.

From there, they can launch a more sophisticated attack (think APT or BEC).