LinkedIn has the dubious distinction of being this year’s most impersonated brand for phishing attacks.
A recent study from Check Point, a cybersecurity firm, found that the professionally oriented social networking site was the brand phishers impersonated most often in both the first and second quarters of 2022. Microsoft-themed emails came in at a distant second, closely followed by DHL and Amazon.
“LinkedIn based phishing campaigns imitated the style of communication of the professional social media platform with malicious emails using subjects like: ‘You appeared in 8 searches this week’ or ‘You have one new message’ or ‘I’d like to do business with you via LinkedIn,’” stated the report.
The platform’s appeal for cybercriminals is not coincidental: Members of the site tend to share details including their work history, education and professional accreditations, all of which can be used to craft personalized phishing emails that are more convincing and more difficult to detect. On a broader scale, LinkedIn profiles can provide insight into the organizational and management structure of businesses, which can be used in service of Business Email Compromise (BEC) campaigns.
While phishing remains the primary vector for cybercriminals to compromise businesses and organizations, the methods to protect against it remain consistent: Workplace training to recognize suspicious emails, security hardening and general data hygiene best practices have been found to be effective lines of defense. Individuals should take care not to overshare information that could lead to compromises, and organizations should regularly perform security audits of what information can be gleaned from social networks, including LinkedIn and Glassdoor.
Wondering how to protect against phishing attacks? Nodal can help! Contact us here.