Seeing suspicious emails on LinkedIn? The professional networking site is one of the most popular brands targeted by cyber criminals. Fifty-two percent of all phishing attackers attempted to leverage LinkedIn during the first quarter of this year. This represents a 44% increase over the previous quarter, when LinkedIn attacks only comprised 8% of phishing attempts globally.
LinkedIn account attacks
The phishing emails commonly appear as though they originate from LinkedIn, but link clicks lead to a look-alike login page. Once a person has input credentials, the credentials are stolen by cyber attackers. The attackers typically use the information to log into the victim’s LinkedIn account.
What else we know
These LinkedIn attacks lack sophistication. However, by targeting users of LinkedIn, there is a reasonable probability that some users will not notice that they are interacting with a phishing attack.
“These phishing attempts are attacks of opportunity…Criminal groups orchestrate these phishing attempts on a grand scale, with a view to getting as many people to part with their personal data as possible. Some attacks will attempt to gain leverage over individuals or steal their information, such as those we’re seeing with LinkedIn,” says Check Point’s data research group manager, Omer Dembinsky.
Although LinkedIn was the most commonly imitated brand during Q1 of this year, it is not the only company that cyber criminals are spoofing in phishing attempts. Other brands include DHL, Google, Microsoft, FedEx, WhatsApp, Amazon and Apple. Objectives commonly include credential theft, delivery of malicious links, or delivery of corrupt software.
What to watch for
Cyber criminals leverage phishing campaigns because they function as reliable means of achieving nefarious intents. Nonetheless, in many cases, there are tell-tale signs indicating a phishing attempt.
- Employees should be trained to recognize anomalous content – quirks of email messages, such as incorrect dates and misspelled domain names, which can indicate phishing.
- Employees should also know these means of recognizing LinkedIn phishing threats – here
- Further, employees who encounter LinkedIn or other social media phishing attempts should be sure to report them to the appropriate community accounts or monitors.
This common tactic can also lure victims
One means of getting people to click on phishing emails includes claiming that the individual’s account has been hacked. As a website user, in the event that you’re concerned about an account hack, the best way to proceed is by ignoring the email and visiting the website directly. In the event of an authentic issue, the website or its administrators will be able to provide more information and to assist.
The potential for phishing attacks and the probability of an employee clicking on attack ‘bait’ are growing. Check Point Software encourages users to remain cautions around sharing personal information online, divulging credentials to business applications and websites, clicking on links and opening email attachments. Emails that claim to originate from LinkedIn, DHL or other aforementioned brands are likely impersonated.
Get more information about how hackers are leveraging LinkedIn and other social media sites here. Lastly, to receive cutting-edge cyber security news, insights, best practices and analyses in your inbox each week, sign up for the CyberTalk.org newsletter.