Retail, shipping, and tech companies are no longer the most common brands that hackers use to hide their attempts at phishing. These days, social media platforms are the main choice, and hackers are using sites like LinkedIn to dupe victims into giving them information. In fact, of the global phishing attacks during the first three months of 2022, more than half used LinkedIn brands.
Phishing scams on LinkedIn generally revolve around stealing credentials, financial scams, espionage, and impersonations designed to facilitate all of the above.
The research company, Check Point, released a report that shows LinkedIn and associated brands have been used 44% more by hackers when compared to the previous quarter, the final three months of 2021. At that point, these brands were used in only about 8% of all phishing attempts.
The report shows that LinkedIn is the most targeted brand, but other brands, like WhatsApp, are also being used for these dastardly deeds. WhatsApp is in the top 10 of all brands being used for phishing scams, and it accounts for about 1 in 20 phishing attacks worldwide. Shipping companies, like DHL, are also popular options for hackers. The top five are LinkedIn, DHL, Google, Microsoft, and FedEx. WhatsApp, Amazon, Maersk, AliExpress, and Apple round out the top 10.
Detecting LinkedIn Phishing Scams and Fake Profiles
It can be difficult to detect LinkedIn phishing scams because many of these emails look extremely convincing. So, how can you determine what is real and what is fake? Here are some tips:
- Take a look at the information on the sender. It should come from an address from LinkedIn.com. However, even if it does, there is still a chance it is fake.
- Look at the content – if it has a lot of misspellings, grammar issues, or typos, it is likely a scam.
- If there is a link that you are asked to click, hover over it first to see where it’s leading. If it is not from a LinkedIn.com domain, do not click on it.
- If there is an attached file, don’t open it. This is a fake email. LinkedIn would never send a file, and if you open it, you could infect your computer.
- In any case, if something looks strange or suspicious, do not click anything or open any files.
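As an added example (not part of the original article), the hover check from the tips above can be automated for an HTML email body. The function names and the sample message are constructed for illustration, and a "linkedin" verdict only means the link really points at LinkedIn.com, not that the message is genuine.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "linkedin.com"  # the domain the tips above say links should use


def classify_link(url):
    """Classify a link by its real host, which is what hovering over it reveals."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "suspicious: malformed URL"
    host = (parts.hostname or "").rstrip(".").lower()  # drops user@ and :port
    if parts.scheme not in ("http", "https") or not host:
        return "suspicious: not a web link"
    if parts.username is not None:
        return "suspicious: text before '@' hides real host " + host
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "suspicious: internationalized host " + host
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "linkedin"
    if "linkedin" in host:
        return "suspicious: lookalike host " + host
    return "not linkedin: " + host


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag; the visible link text is ignored."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def audit_email(html):
    """Return (href, verdict) for every link in an HTML message body."""
    collector = LinkCollector()
    collector.feed(html)
    return [(h, classify_link(h)) for h in collector.hrefs]


# Constructed sample body; every non-LinkedIn host uses the reserved .example TLD.
SAMPLE = """<a href="https://www.linkedin.com/messaging/">View message</a>
<a href="https://linkedin.com.login.example/s">https://www.linkedin.com/login</a>
<a href="https://linkedin.com@account.example/verify">Verify account</a>"""
```

Calling audit_email(SAMPLE) shows that only the first link leads to LinkedIn.com; the second puts "linkedin.com" at the front of a different domain, and the third hides the real host after an "@".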
There also might be fake profiles on LinkedIn that are focused on phishing attempts. Here are some tips to help identify them.
- Check the entire profile for anything weird or odd. Things like inconsistencies may stand out.
- Take a look at the number of contacts the person has – if it is low, it could be a profile that is newly created just to defraud others.
- Is there an easy way to see why the person contacted you? For example, are you in the same industry?
- Is the person trying to share a file with you? Don’t accept it, and don’t fall for any sense of urgency.
If you have any doubts, or if you are curious about what is said in the message and it’s that important to you, don’t hesitate to contact LinkedIn. Ask to speak to that person. The person who answers will confirm or deny that the individual in question works for the company, and if they are legitimate, they can confirm or deny whether they sent the message. You can also report LinkedIn scams.
Remember, cybercriminals can easily compromise LinkedIn accounts that are legitimate, so it’s very important to confirm via another communication channel, like a phone, if you are getting strange LinkedIn messages.
Proactively, engage your team in phishing simulation training to make them aware of what to look out for. This type of security awareness training is a cost-effective form of risk management.
Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.