    Phishing Emails Impersonating LinkedIn Surge by 232%

    Email phishing attacks impersonating LinkedIn have increased by 232% since February 1, 2022, according to Egress.

    The cybersecurity vendor said this surge is linked to the so-called ‘Great Resignation,’ in which record numbers of employees are leaving their jobs and searching for new opportunities amid the COVID-19 crisis. For example, a record number of Americans left their jobs in 2021 for new opportunities.

    Vast numbers of jobseekers use LinkedIn to find and apply for new positions, and the researchers revealed that cyber-attackers are increasingly leveraging the professional social networking site to socially engineer victims into clicking on phishing links and then entering their credentials into fraudulent websites.

    The sophisticated attacks all follow a similar pattern – using webmail addresses with a LinkedIn display name – while the phishing emails are sent from separate webmail accounts that have zero correlation to each other. They also use subject lines similar to those used by the social networking site, including: ‘You appeared in 4 searches this week,’ ‘You have 1 new message,’ ‘Your profile matches this job’ and ‘Who’s searching for you online.’
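The pattern described above (a LinkedIn display name on a webmail address, with LinkedIn-style subject lines) can be checked from message headers. The following is an added example, not code from Egress or the original article; the webmail domain list and the assumption that genuine LinkedIn notifications come from linkedin.com or a subdomain are illustrative, and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BRAND = "linkedin"
# Assumption: genuine LinkedIn notifications come from linkedin.com or a subdomain.
BRAND_DOMAINS = ("linkedin.com",)
# Assumption: illustrative webmail providers; the article does not name any.
WEBMAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}
# Subject lines quoted in the article, with the counts generalised.
LURES = [re.compile(p, re.I) for p in (
    r"you appeared in \d+ search(es)? this week",
    r"you have \d+ new messages?",
    r"your profile matches this job",
    r"who[’']s searching for you online",
)]

def classify(raw):
    """Return (verdict, reasons) for one RFC 5322 message given as text."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    subject = msg.get("Subject", "")
    from_brand = any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)
    reasons = []
    # Brand name in the display name, but the address is not on a brand domain.
    if BRAND in display.lower() and not from_brand:
        reasons.append("display-name-mismatch")
        if domain in WEBMAIL:
            reasons.append("webmail-sender")
    # LinkedIn-style subject arriving from a non-LinkedIn sender.
    if not from_brand and any(p.search(subject) for p in LURES):
        reasons.append("lure-subject")
    if "display-name-mismatch" in reasons:
        return "quarantine", reasons
    return ("review" if reasons else "pass"), reasons

# Constructed sample messages (not real traffic).
SAMPLES = {
    "spoof": "From: LinkedIn <j.doe4821@gmail.com>\n"
             "Subject: You appeared in 4 searches this week\n\nbody",
    "genuine": "From: LinkedIn <messages-noreply@linkedin.com>\n"
               "Subject: You have 1 new message\n\nbody",
    "colleague": "From: Sam Lee <sam@example.org>\n"
                 "Subject: Who's searching for you online\n\nbody",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, *classify(raw))
```

The From header can itself be forged, so a rule like this complements SPF, DKIM and DMARC evaluation rather than replacing it.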

    In addition, the attackers are using multiple stylized HTML templates to make them appear genuine, such as the LinkedIn logo, brand colors and icons. The bottom of the message accurately mimics LinkedIn’s genuine email footer, with its global HQ address, hyperlinks to unsubscribe and to its support section and the recipient’s information.

    Within the body of the email, other well-known organizations’ names are used, including American Express and CVS Carepoint. When the links are clicked, the victim is taken to a website that harvests their LinkedIn log-in credentials.

    Egress said the attacks successfully bypass traditional email security defenses to reach people’s inboxes. Currently, it is unknown whether the attacks are being conducted by a single cyber-criminal or a gang operating together.

    “The targets vary, covering companies in both North America and the UK, and operating within different industries. LinkedIn states it has over 810 million members in more than 200 countries, which provides an extensive victim pool for cyber-criminals. Many professionals choose to include their corporate email address within their profile, and many regularly receive update communications from LinkedIn. Consequently, they could be more trusting of a stylized phishing email. The cyber-criminal(s) involved has likely used a legitimate LinkedIn email as their starting point for these attacks. They have used branded elements, including the current LinkedIn logo, to make the phishes more convincing.”

    Yesterday, Barclays released new research on scams, which found nearly two-thirds (64%) of Brits would be more likely to comply with a request if it came from a high-profile institution.

    With thanks to the Cyber Defence Alliance and InfoSecurity Magazine. The full story is here: https://www.infosecurity-magazine.com/news/phishing-emails-linkedin/

    Don’t get hacked by social media phishing attacks!

    Many of your users are active on Facebook, LinkedIn, and Twitter. Cybercriminals use these platforms to scrape profile information of your users and organization to create targeted spear phishing campaigns in an attempt to hijack accounts, damage your organization’s reputation, or gain access to your network.

    KnowBe4’s Social Media Phishing Test is a complimentary IT security tool that helps you identify which users in your organization are vulnerable to these types of phishing attacks that could put your users and organization at risk.

    Here’s how the Social Media Phishing Test works:

    • Immediately start your test with your choice of three social media phishing templates
    • Choose the corresponding landing page your users see after they click
    • Show users which red flags they missed or send them to a fake login page
    • Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/social-media-phishing-test-partner?partnerid=001a000001lWEoJAAW
