Researchers have uncovered what could be the first AI-powered malicious ad campaign aimed at hijacking enterprise social media platform LinkedIn to obtain sensitive personal information about its users who work in sales.
Cybersecurity researchers at SafeGuard Cyber recently discovered an ad on LinkedIn promoting a white paper that would help sales professionals streamline their sales process and close more deals.
The ad creative, described by researchers as “bizarre,” featured a color pattern in the bottom right corner, typically seen in images produced by the Dall-E generative AI model.
give away phone numbers
Dall-E works by using text-based prompts. A user would tell the artificial intelligence what he wants and the model would generate the image.
The ad text invited readers to register, and in exchange for their personal data (opens in a new tab), get the white paper. It was created by an account called “Sales Intelligence”, which investigators found suspicious. The company page was largely blank, hosting only a link directing visitors to a jewelry store in Arizona. While they can’t say for sure, the researchers speculate that the link was only added to fill in the required fields to set up the page.
The white paper does not exist either.
Instead, people who sign up simply share their personal data hosted on LinkedIn, such as email and phone numbers, with the attackers. These details can later be used in different phishing and social engineering attacks.
“Finding this fake LinkedIn ad was a significant reminder of the new dangers of social engineering that now appear when combined with generative AI,” the researchers said.
While the researchers focused on the image, the ad text is most likely AI-generated as well. Running the ad content through an AI detector gave us a score of 79%, which means that the content was likely at least partly done by AI.