Careful! LinkedIn, the Professional Social Network, Is Now Often Used For Phishing Attacks

JAKARTA - Job site and professional social network LinkedIn was frequently used by cybercriminals to carry out brand phishing attacks during the first quarter (Q1) of this year.

According to Check Point Research's (CPR) Q1 2022 Brand Phishing Report, LinkedIn accounts for more than half of all brand phishing attacks, and this is the first time the company has taken the top spot in the report.

According to the report, cybercriminals now prefer to take advantage of social networks over shipping companies and tech giants including Google, Microsoft and Apple.

As many as 52 percent of all phishing attacks globally during Q1 mimicked LinkedIn, a dramatic increase from 44 percent in the previous quarter.

In brand phishing attacks, cybercriminals attempt to impersonate the official websites of well-known companies by using similar domain names and webpage designs.

The link to the fake website is then sent to the targeted individual via email or text message. These fake websites often contain forms intended to steal user credentials, payment details, or other personal information.

As for other companies whose brands are often used in phishing attempts, global shipping company DHL came in second with 14 percent, followed by Google at 7 percent, Microsoft at 7 percent and FedEx at 6 percent.

In addition to these companies, Amazon, Maersk, AliExpress, Apple, and WhatsApp round out CPR's top 10 list, accounting for nearly 1 in 20 phishing-related attacks worldwide.

Omer Dembinsky, manager of the data research group at Check Point Software, explained that the cybercriminals behind brand phishing attacks also try to spread malware on corporate networks in addition to stealing sensitive personal and business information.

"This phishing attempt is an attack of opportunity, clear and simple. Criminal groups orchestrate these phishing attempts on a large scale, with the aim of getting as many people as possible to release their personal data," Dembinsky said as quoted by TechRadar, Thursday, April 21.

Dembinsky added that some attacks will attempt to gain influence over individuals or steal their information, as with LinkedIn. Others will try to spread malware on corporate networks, such as the fake emails containing the spoof-bearing documents we see with the likes of Maersk.

"If there is any doubt that social media will be one of the sectors most targeted by criminal groups, Q1 has dispelled that doubt," Dembinsky said.

To avoid falling victim to brand phishing attacks, CPR recommends that users remain cautious when providing personal data and credentials to business applications or websites.

They should also think twice before opening email attachments or links, look for spelling mistakes in emails and in the domains used by websites, and beware of urgent requests such as changing passwords.