LinkedIn has officially become the most impersonated brand used in phishing attacks, according to a new report from cybersecurity firm Check Point.
The phenomenon suggests that scammers are pivoting toward targeting wealthy, powerful professionals working for profitable businesses.
The news is a grim reminder that there’s never been a better time to bolster your company’s security defenses with antivirus software – many of the top providers now offer built-in email scanners.
Don’t Click on Anything That’s LinkedIn the Email
According to Check Point’s Q1 2022 Brand Phishing Report, LinkedIn was impersonated in 52% of global phishing attacks in the first quarter of this year, more than any other brand.
This is a massive change from the final three months of 2021, during which LinkedIn was the fifth-most common brand for phishing scammers to impersonate, accounting for 8% of attacks.
German courier service DHL – which was the second most impersonated brand in phishing attacks – accounted for just 14% by comparison. Google (7%), Microsoft (6%), WhatsApp (4%), and Amazon (2%) joined DHL in the top 10.
Some of the phishing scams identified by Check Point used LinkedIn’s official logo and others provided victims with a link to a page that looks exactly like LinkedIn’s homepage.
What does this data tell us?
The pivot to LinkedIn over consumer services like delivery companies is likely down to two key reasons. Firstly, LinkedIn is a social media platform. Hacking into someone’s social media opens up different possibilities than, say, someone’s DHL account.
From a scammer’s perspective, gaining access to a social media account – especially one owned by a businessman – could open up endless possibilities for more fraud.
Control of a social media account would allow a scammer to message hundreds of other individuals, and the account itself contains reams of personal information like birth dates, phone numbers, and other details that could be used to bypass security questions on other sites.
But LinkedIn popping up in more phishing attacks than ever before also suggests that threat actors are increasingly moving towards “spear-phishing” – targeting specific, high-profile targets in high-stakes, high-reward scams – and away from phishing regular internet users.
How Can I Protect My Business from Phishing Attacks?
To protect yourself from phishing, you need a two-pronged approach: software and training. Both are equally important, but for completely different reasons.
Although a phishing attack doesn’t have to be malware-based, many of them are. So, antivirus software is a great place to start because it will detect and block malicious content if it's being loaded onto your computer without your knowledge.
Plus, the best antivirus software for business nowadays will come with a built-in email scanner to flag suspicious emails for you and give everyone in your company a helping hand in avoiding danger.
For phishing attacks that do not involve malware, you’re going to have to regularly train staff to spot the tell-tale signs that an email is a scam. Training may also involve novel techniques to improve understanding, such as simulated phishing attempts.
Phishing attacks are only going to get more sophisticated, but using the tools and resources you have at your disposal will ensure you have the best chance of avoiding them.