Researchers have uncovered what might be the very first artificial intelligence-powered, malicious ad campaign aimed at hijacking business social media platform LinkedIn to obtain sensitive personal information on its users working in sales.
Cybersecurity researchers from SafeGuard Cyber recently discovered an ad on LinkedIn promoting a whitepaper that would help sales professionals optimize their sales process and close more deals.
The ad’s creative, described by the researchers as “bizarro”, featured a color pattern in the lower right corner, usually seen on images produced by Generative AI model Dall-E.
Giving away phone numbers
Dall-E works by text-based prompts. A user would tell the artificial intelligence what it wants, and the model would generate the image.
The ad copy invited the readers to sign up, and in exchange for their personal data (opens in new tab), get the whitepaper. It was set up by an account named “Sales Intelligence”, which the researchers found suspicious. The company page was largely blank, and only hosted a link that routed the visitors to a jewelry store in Arizona. While they can’t tell for certain, the researchers speculate the link was just added to fill the mandatory fields in order to set up the page.
The whitepaper is non-existent, too.
Instead, people that sign up would just share their personal details hosted on LinkedIn, such as email and phone, with the attackers. These details can later be used in different phishing and social engineering attacks.
“Encountering this fake LinkedIn ad was a significant reminder of new social engineering dangers now appearing when coupled with Generative AI,” the researchers said.
While the researchers focused on the image, the ad copy is most likely AI-generated, as well. Running the ad content through an AI detector has given us a score of 79%, meaning the content was likely done, at least partially, by AI.