Cybercriminals are increasingly targeting job seekers on LinkedIn with fake employment emails to steal their money and personal data. Check Point Research (CPR), in its new ‘Brand Phishing Report’, highlights that LinkedIn is now the brand most often imitated by cybercriminals for phishing.
The social media network dominated the rankings for the first time ever, accounting for more than half (52 per cent) of all phishing attempts during the first quarter (January-March). This represents a 44 per cent uplift from the previous quarter, where the professional networking site was in fifth position accounting for only 8 per cent of phishing attempts.
LinkedIn overtook DHL as the most targeted brand. DHL is now in second position and accounts for 14 per cent of all phishing attempts during the quarter, while FedEx has moved from seventh position to fifth and accounts for 6 per cent of all phishing attempts. Meanwhile, Maersk and AliExpress have entered the top ten list for the first time.
According to CPR, attackers contact victims via an official-looking email in an attempt to lure them into clicking on a malicious link. Once there, the victim would again be prompted to log in via a fake LinkedIn portal, where their credentials would be harvested. The fake website often contains a form intended to steal user credentials, payment details and other personal information.
“These phishing attempts are attacks of opportunity, plain and simple. Criminal groups orchestrate these phishing attempts on a grand scale, with a view to getting as many people to part with their personal data as possible,” said Omer Dembinsky, Data Research Group Manager at Check Point Software. “Some attacks will attempt to gain leverage over individuals or steal their information, such as those we’re seeing with LinkedIn.”
Shipping is now the second most targeted category, with threat actors continuing to take advantage of the general rise in e-commerce by targeting consumers and shipping companies directly.
“The best defense against phishing threats, as ever, is knowledge. Employees in particular should be trained to spot suspicious anomalies such as misspelled domains, typos, incorrect dates and other details that can expose a malicious email or text message. LinkedIn users in particular should be extra vigilant over the course of the next few months,” Dembinsky advised.
Below are the top brands ranked by their overall appearance in brand phishing attempts:
1. LinkedIn (relating to 52 per cent of all phishing attacks globally)
2. DHL (14 per cent)
3. Google (7 per cent)
4. Microsoft (6 per cent)
5. FedEx (6 per cent)
6. WhatsApp (4 per cent)
7. Amazon (2 per cent)
8. Maersk (1 per cent)
9. AliExpress (0.8 per cent)
10. Apple (0.8 per cent)
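
The misspelled-domain check that the advice above recommends can be automated for links found in email. The following is an added example, not code from the Check Point report: it classifies a link's host against the top five brands in the list, and the legitimate domains in `BRAND_DOMAINS`, the distance thresholds and the sample URLs in the comments are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: each brand's legitimate registered domain (not stated in the article).
BRAND_DOMAINS = {
    "linkedin": "linkedin.com",
    "dhl": "dhl.com",
    "google": "google.com",
    "microsoft": "microsoft.com",
    "fedex": "fedex.com",
}


def edit_distance(a, b):
    """Levenshtein distance using a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url):
    """Return (verdict, brand) for a link extracted from an email body."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # 1. The host is the brand's own domain or a subdomain of it.
    for brand, legit in BRAND_DOMAINS.items():
        if host == legit or host.endswith("." + legit):
            return ("legitimate", brand)
    # 2. Otherwise any resemblance to a brand name is a warning sign.
    for label in host.split("."):
        for brand in BRAND_DOMAINS:
            if brand in label:
                # e.g. linkedin.com.account-verify.example (constructed)
                return ("brand-in-foreign-host", brand)
            # Short names get a tighter threshold to limit false positives.
            limit = 1 if len(brand) <= 5 else 2
            if edit_distance(label, brand) <= limit:
                # e.g. linkedln.example, micr0soft.example (constructed)
                return ("misspelled", brand)
    return ("unrelated", None)
```

This is a triage heuristic: a "misspelled" or "brand-in-foreign-host" verdict marks a link for review, and an "unrelated" verdict says nothing about whether the destination is safe.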