LinkedIn becomes most impersonated brand in phishing attacks

LinkedIn has recently become the most impersonated brand when it comes to phishing attacks, according to new information from Check Point Research (CPR).

Publishing its Brand Phishing Report for Q1 2022, Check Point Research’s report highlights the brands that were most frequently imitated by cybercriminals in their attempts to steal individuals’ personal information or payment credentials during January, February and March.

Social media becomes new playground for malicious actors 

The latest report highlights an emerging trend toward threat actors leveraging social networks, now the number one targeted category ahead of shipping companies and technology giants such as Google, Microsoft and Apple. 

Social media network, LinkedIn accounted for more than half (52%) of all phishing attempts during the quarter, representing a 44% uplift from the previous quarter. LinkedIn overtook DHL as the most targeted brand, which is now in second position and accounted for 14% of all phishing attempts during the quarter.

“These phishing attempts are attacks of opportunity, plain and simple. Criminal groups orchestrate these phishing attempts on a grand scale, with a view to getting as many people to part with their personal data as possible,” said Omer Dembinsky, Data Research Group. 

As well as LinkedIn being the most targeted brand by a considerable margin, WhatsApp maintained its position in the top ten, accounting for almost 1 in 20 phishing-related attacks worldwide. 

Cyber criminals are targeting the rise of eCommerce 

Shipping is now the second most targeted category, with threat actors continuing to take advantage of the general rise in e-commerce by targeting consumers and shipping companies directly. FedEx has moved from seventh position fifth, now accounting for 6% of all phishing attempts; and Maersk and AliExpress have entered the top ten list for the first time.  

“Some attacks will attempt to gain leverage over individuals or steal their information, such as those we’re seeing with LinkedIn. Others will be attempts to deploy malware on company networks, such as the fake emails containing spoof carrier documents that we’re seeing with the likes of Maersk,” added Dembinsky.

He continued: “If there was ever any doubt that social media would become one of the most heavily targeted sectors by criminal groups, Q1 has laid those doubts to rest. While Facebook has dropped out of the top ten rankings, LinkedIn has soared to number one and has accounted for more than half of all phishing attempts so far this year.”

One of the best defences against phishing threats consists of equipping yourself and employees with knowledge of how to spot a malicious message or how to respond. Watch out for misspelled domains, typos, incorrect dates, suspicious links and other red flags that can potentially expose a malicious email or text message. LinkedIn users, in particular, should take care to consider who reaches out to them, and whether or not it’s a good idea to connect.