As the most imitated brand in phishing attempts, is LinkedIn really safe for 'professional networking'?

(Photo by GREG BAKER / AFP)


  • Based on a Brand Phishing report by Check Point Research, LinkedIn appears to have dominated the rankings for the first time ever, accounting for more than half (52%) of all phishing attempts during the quarter.
  • The numbers represent a dramatic 44% increase from the previous quarter, when the professional networking platform was in fifth position and accounted for only 8% of phishing attempts.
  • Other Big Tech companies like Amazon, Apple, Google, and Microsoft remained in the top 10, as did shipping companies DHL, AliExpress, FedEx, and Maersk.

Criminals attempting to steal individuals’ personal information or payment credentials have traditionally targeted industries such as shipping, retail and technology. The focus is now shifting towards social media networks, which have become the category most likely to be targeted by criminal groups, according to a brand phishing report by Check Point. In fact, for the first time, professional networking platform LinkedIn is tied to more than half (52%) of all phishing-related attacks globally.

The report highlights the brands most frequently imitated by criminals in their attempts to steal individuals’ personal information or payment credentials during the first three months of this year. The surprising numbers for LinkedIn represent a dramatic 44% increase from the previous quarter, when the professional networking platform was in fifth position, contributing only 8% of phishing attempts.

LinkedIn overtook DHL as the most targeted brand; DHL has now fallen to second position and accounted for 14% of all phishing attempts during the quarter. “Our latest report highlights an emerging trend toward threat actors leveraging social networks, now the number one targeted category ahead of shipping companies and technology giants such as Google, Microsoft and Apple,” Check Point said in a statement.

The report highlights a particular example in which LinkedIn users are contacted via an official-looking email in an attempt to lure them into clicking on a malicious link. Once there, users are prompted to log in via a fake portal where their credentials are harvested. Messaging app WhatsApp also maintained its position in the top ten, accounting for almost one in 20 phishing-related attacks worldwide.

“As always, we encourage users to be cautious when divulging personal data and credentials to business applications or websites, and to think twice before opening email attachments or links, especially emails that claim to be from companies such as LinkedIn or DHL, as they are currently the most likely to be impersonated,” Check Point added.

LinkedIn and its recent brand phishing incidents

Fraudulent login page (Source – Check Point Research)

A brand phishing attack, such as the ones LinkedIn is now facing, is one in which criminals imitate the official website of a well-known brand by using a domain name or URL and a web page design similar to those of the genuine site. The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected to it during web browsing, or it may be triggered from a fraudulent mobile application.

These fake websites often contain a form intended to steal users’ credentials, payment details or other personal information. “These phishing attempts are attacks of opportunity, plain and simple. Criminal groups orchestrate these phishing attempts on a grand scale, with a view to getting as many people to part with their personal data as possible,” said Omer Dembinsky, data research group manager at Check Point Software.

“Some attacks will attempt to gain leverage over individuals or steal their information, such as those we’re seeing with LinkedIn. Others will attempt to deploy malware on company networks, such as the fake emails containing spoof carrier documents that we’re seeing with the likes of Maersk,” he said, adding that any doubts about whether social media would become one of the sectors most heavily targeted by criminal groups can now be laid to rest.

Earlier, in a separate report, cybersecurity firm Egress recorded a 232% increase in email phishing attacks impersonating LinkedIn within just two weeks of February 2022. “These attacks use display name spoofing and stylized HTML templates to socially engineer victims into clicking on phishing links and then entering their credentials into fraudulent websites,” its blog post reads.
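The two impersonation patterns described above, a lookalike domain (the brand phishing definition) and display name spoofing (the Egress finding), can both be caught by a simple triage check on the From: header. The following Python helper is an added example, not code from Check Point, Egress or LinkedIn; the brand-to-domain allowlist, the digit-for-letter substitution table and the sample headers are all assumptions constructed for the example.

```python
import re
from email.utils import parseaddr

# Brands the report names as most impersonated. The legitimate sender
# domains are assumptions for this example, not values from the report.
BRAND_DOMAINS = {
    "linkedin": {"linkedin.com"},
    "dhl": {"dhl.com"},
}

# Minimal digit-for-letter substitutions used in lookalike domains (assumed list).
HOMOGLYPHS = str.maketrans("0134578", "oieastb")


def normalize(text):
    """Lower-case, undo common digit substitutions and drop separators."""
    return re.sub(r"[^a-z]", "", text.lower().translate(HOMOGLYPHS))


def classify_from_header(from_header):
    """Return (brand, sender_domain, verdict) for a raw From: header value.

    Verdicts: legitimate, lookalike-domain, display-name-spoof, unrelated.
    The brand-token match is a heuristic; short tokens such as 'dhl' can
    produce false positives and should feed review, not automatic blocking.
    """
    display_name, address = parseaddr(from_header)
    domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    norm_name, norm_domain = normalize(display_name), normalize(domain)
    for brand, allowed in BRAND_DOMAINS.items():
        if domain in allowed:                 # exact, allowlisted sender domain
            return brand, domain, "legitimate"
        if brand in norm_domain:              # brand token hidden in the domain
            return brand, domain, "lookalike-domain"
        if brand in norm_name:                # brand only in the display name
            return brand, domain, "display-name-spoof"
    return None, domain, "unrelated"


def triage(headers):
    """Return the headers that impersonate a tracked brand, with their verdict."""
    results = [(h, classify_from_header(h)[2]) for h in headers]
    return [(h, v) for h, v in results if v not in ("legitimate", "unrelated")]


if __name__ == "__main__":
    SAMPLE_HEADERS = [  # constructed sample From: values, not real messages
        "LinkedIn <messages-noreply@linkedin.com>",
        "LinkedIn <security-alert@mailer-updates.example>",
        "LinkedIn <no-reply@l1nkedin.com>",
        "Payroll <hr@example.org>",
    ]
    for header, verdict in triage(SAMPLE_HEADERS):
        print(f"{verdict:20} {header}")
```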

Based on Egress’ analysis, the attacks could be attributed to current employment trends. “The Great Resignation continues to dominate headlines, and a record number of Americans left their jobs in 2021 for new opportunities. It is likely these phishing attacks aim to capitalize on jobseekers (plus curious individuals) by flattering them into believing their profile is being viewed and their experience is relevant to household brands,” it added.

To recall, in 2021 alone, LinkedIn was breached a few times. Reports in May of a massive underground sale of information scraped from 500 million LinkedIn user profiles were followed in July by another wide-scale breach, in which the data of 700 million LinkedIn users (92% of the user base) was put up for sale online.

Check Point concluded its findings by emphasizing that LinkedIn users in particular should be extra vigilant over the course of the next few months, considering how they could well be the target for brand phishing attacks. “While Facebook has dropped out of the top ten rankings, LinkedIn has soared to number one and has accounted for more than half of all phishing attempts so far this year. The best defense against phishing threats, as ever, is knowledge.”