April 20 – By a significant margin, LinkedIn has recently become the most impersonated brand when it comes to phishing attacks, according to new information from Check Point Research (CPR).
The researchers’ 2022 Q1 Brand Phishing report revealed that phishing attacks impersonating the social networking site comprised over 50% of all phishing attempts globally within the first quarter of 2022. As compared to the previous quarter, this represents a 44% increase. Previously, LinkedIn was the fifth most impersonated brand.
Experts note that the new trend reveals how social engineering scams are shifting away from a focus on shipping companies and ordinary tech giants. Instead, cyber scammers are turning towards social media networks.
LinkedIn brand phishing
After LinkedIn, the most commonly impersonated brands in phishing attacks were:
- DHL (14%)
- Google (7%)
- Microsoft (6%)
- FedEx (6%)
- WhatsApp (4%)
- Amazon (2%)
- Maersk (1%)
- AliExpress (0.8%)
- Apple (0.8%)
Data research group manager at Check Point Software, Omer Dembinsky, explained that, “These phishing attempts are attacks of opportunity…Criminal groups orchestrate these phishing attempts on a grand scale, with the intention of getting as many people to part with their personal data as possible.”
About the attacks
Dembinsky continued, “Some attacks will attempt to gain leverage over individuals or to steal their information; such as those we’re seeing with LinkedIn. Others will be attempts to deploy malware on company networks, such as the fake emails containing spoof carrier documents that we’re seeing with the likes of Maersk.”
Researchers have predicted an increase in social media-based cyber attacks for quite some time, and Q1 of 2022 bore those predictions out. Although Facebook has dropped out of the top 10 most impersonated brands in phishing, it could see a resurgence in attacks in the near future.
Avoiding brand phishing
One of the best defenses against phishing threats consists of equipping yourself and your employees with knowledge pertaining to the latest threat types and how to behave in response to suspicious solicitations.
Employees are advised to watch out for misspelled domains, typos, incorrect dates and other red flags that can potentially expose a malicious email or text message. LinkedIn users, in particular, should take care to consider who reaches out to them, and whether or not it’s a good idea to connect.
Further thoughts
The latest LinkedIn findings parallel research conducted by Egress, which found that, amidst the ‘Great Resignation’, LinkedIn attacks surged by 232%.
While LinkedIn itself has highlighted new measures put in place to protect users from attacks, members are also encouraged to report suspicious messages and to increase awareness around what attacks can look like. Applying two-step verification can help too.
For more information about LinkedIn impersonation attacks, visit the Check Point Blog.