LinkedIn becomes most impersonated brand in phishing attacks

Social media sites such as LinkedIn are increasingly becoming a target for phishing attempts, according to a new Check Point report

LinkedIn has recently become the most impersonated brand when it comes to phishing attacks, according to new information from Check Point Research (CPR).

Publishing its Brand Phishing Report for Q1 2022, Check Point Research’s report highlights the brands that were most frequently imitated by cybercriminals in their attempts to steal individuals’ personal information or payment credentials during January, February and March.

Social media becomes new playground for malicious actors 

The latest report highlights an emerging trend toward threat actors leveraging social networks, now the number one targeted category ahead of shipping companies and technology giants such as Google, Microsoft and Apple. 

Social media network, LinkedIn accounted for more than half (52%) of all phishing attempts during the quarter, representing a 44% uplift from the previous quarter. LinkedIn overtook DHL as the most targeted brand, which is now in second position and accounted for 14% of all phishing attempts during the quarter.

“These phishing attempts are attacks of opportunity, plain and simple. Criminal groups orchestrate these phishing attempts on a grand scale, with a view to getting as many people to part with their personal data as possible,” said Omer Dembinsky, Data Research Group. 

As well as LinkedIn being the most targeted brand by a considerable margin, WhatsApp maintained its position in the top ten, accounting for almost 1 in 20 phishing-related attacks worldwide. 

Cyber criminals are targeting the rise of eCommerce 

Shipping is now the second most targeted category, with threat actors continuing to take advantage of the general rise in e-commerce by targeting consumers and shipping companies directly. FedEx has moved from seventh position fifth, now accounting for 6% of all phishing attempts; and Maersk and AliExpress have entered the top ten list for the first time.  

“Some attacks will attempt to gain leverage over individuals or steal their information, such as those we’re seeing with LinkedIn. Others will be attempts to deploy malware on company networks, such as the fake emails containing spoof carrier documents that we’re seeing with the likes of Maersk,” added Dembinsky.

He continued: “If there was ever any doubt that social media would become one of the most heavily targeted sectors by criminal groups, Q1 has laid those doubts to rest. While Facebook has dropped out of the top ten rankings, LinkedIn has soared to number one and has accounted for more than half of all phishing attempts so far this year.”

One of the best defences against phishing threats consists of equipping yourself and employees with knowledge of how to spot a malicious message or how to respond. Watch out for misspelled domains, typos, incorrect dates, suspicious links and other red flags that can potentially expose a malicious email or text message. LinkedIn users, in particular, should take care to consider who reaches out to them, and whether or not it’s a good idea to connect.

 

 

Share

Featured Articles

Why CISOs Remain Crucial in the Age of Rampant Ransomware

As ransomware attacks escalate, the CISO has emerged as an indispensable guardian for the cybersecurity of companies

Q&A: Protiviti's Sameer Ansari on CISOs' Growing Challenges

Managing Director - Global Cybersecurity and Privacy Lead at Protiviti, Sameer Ansari discusses his views on the growing challenges CISOs now face

How Partnerships Proved Pivotal for UnitedHealth After Hack

When hackers hit UnitedHealth subsidiary Change Healthcare with a huge cyber attack, its partnership with Vyne Dental proved pivotal in managing fallout.

Transforming Cybersecurity: IBM & Palo Alto's AI Integration

Technology & AI

C-suite Indifference to Cyber Could Cost Business £145k

Operational Security

Why Avast Warn of Social Engineering in Cybersecurity

Operational Security