LinkedIn takes lead as most impersonated brand in phishing attacks
Security researchers are warning that LinkedIn has become the most spoofed brand in phishing attacks, accounting for more than 52% of all such incidents at a global level.
The data comes from cybersecurity company Check Point, who recorded a dramatic uptick in LinkedIn brand abuse in phishing incidents in the first quarter of this year.
According to the company, in the last quarter of 2021, LinkedIn held the fifth spot on the list, the count for impersonating attacks being a much lower 8%.
The second most mimicked brand is German package delivery DHL, which previously was at the top of the list. A contributing factor for this was the increased shopping during the holiday season.
In a LinkedIn impersonation sample that Check Point provided, the phishing email reaching the target’s inbox features LinkedIn logos and company-specific style, with a fraudulent request to connect with a made-up firm.
Social media phishing is on the rise, as also reported Vade cybersecurity company recently. This is because the takeover of accounts on these platforms opens up a host of practical possibilities for the threat actors. For example, the hackers may use compromised social media accounts to perform highly effective spear-phishing attacks, post links to malware-hosting sites, or send spyware directly to users who trust them.
In the case of LinkedIn, which is a professional-focused social media platform, the threat actors are likely aiming to perform spear-phishing attacks on high-interest targets, employees of specific companies and organizations. Another potential exploitation scenario would be sending laced documents masqueraded as job offers to specific targets, convincing them to open the files and activate malicious macro code.
For example, North Korean hackers have launched multiple spear-phishing campaigns in the past that leveraged LinkedIn, which proved to be very effective. However, the scale recorded by Check Point this time indicates that LinkedIn impersonation is no longer limited to advanced, narrow targeting threat groups like Lazarus.
With thanks to the Cyber Defence Alliance and Bleeping Computer. The full story is here: https://www.bleepingcomputer.com/news/security/linkedin-brand-takes-lead-as-most-impersonated-in-phishing-attacks/
Don’t get hacked by social media phishing attacks!
Many of your users are active on Facebook, LinkedIn, and Twitter. Cybercriminals use these platforms to scrape profile information of your users and organization to create targeted spear phishing campaigns in an attempt to hijack accounts, damage your organization’s reputation, or gain access to your network.
KnowBe4’s Social Media Phishing Test is a complimentary IT security tool that helps you identify which users in your organization are vulnerable to these types of phishing attacks that could put your users and organization at risk.
Here’s how the Social Media Phishing Test works:
- Immediately start your test with your choice of three social media phishing templates
- Choose the corresponding landing page your users see after they click
- Show users which red flags they missed or send them to a fake login page
- Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/social-media-phishing-test-partner?partnerid=001a000001lWEoJAAW