Repeated passwordless login links from LinkedIn

Çağlar Arlı      -    19 Views

In the past few weeks I've seen periodic attempts of someone logging in to my LinkedIn accounts. They appear to use some sort of one-time login link feature that LinkedIn has, which allows passwordless sign-in if you know (and can access) the email address. Basically I get some one-time instant login link in my inbox, which theoretically allows anyone access to my LinkedIn. The link is valid for just 15 minutes. These emails seem legit, although I still didn't click on the links. So they seem to be using the legit LinkedIn functionalities.

In any case, I am not particularly concerned about this. All accounts involved have 2FA enabled, so they can't hijack either the email or LinkedIn without me knowing.

Now my curiosity is why would anyone repeatedly try this?

  1. Are they trying to bypass my 2FA?
  2. Do they hope that one day I'd need one of those instant login links for legit reasons and hope I'd click on one of the links they generated? Can they somehow hijack the session?
  3. Is this some sort of complex social engineering meant to confuse me so hard that I'd somehow click on the links?

This might sound similar to this other unanswered question: Repeated Microsoft password reset requests - Should I be concerned?

But the vector of attack is different. In that question, OP gets a password reset link to their secondary address. Here, the attacker appears to be using some sort of passwordless login feature of LinkedIn, which they can't use without my email anyways.