Cybersecurity researchers are alerting that LinkedIn has become the most faked brand in phishing attacks, contributing to more than 52% of all such cases globally. Check Point, a cybersecurity firm, reported a significant increase in LinkedIn brand misuse in phishing events in the first quarter of this year.
According to the firm, LinkedIn was ranked fifth on the list in 2021’s fourth quarter, with an impersonation attack rate of only 8%. The German package transportation company DHL, which was formerly at the top of the list, is the second most imitated brand. The increased buying throughout the Christmas season was one element leading to this. Shipping-related phishing communications accounted for 21.8% of all phishing messages in the first three months of 2022 when DHL, FedEx, Maersk, and Ali Express were combined.
The phishing email hitting the target’s inbox in a LinkedIn impersonation sample provided by Check Point has LinkedIn logos and company-specific style, along with a false request to connect with a made-up corporation. When the victim clicks the “Accept” button, they are sent to a phishing website that imitates an official LinkedIn login page and is housed at an illegitimate URL – carriermasr.com/public/linkedin.com/linkedin.com/login.php
According to the cybersecurity firm Vade, social media phishing is on the rise. This is because gaining control of accounts on these sites provides threat actors with a plethora of practical options. For example, hackers might use hacked social media accounts to launch very effective spear-phishing attacks, publish links to malware-hosting websites, or distribute spyware straight to users who trust them.
Threat actors are likely targeting spear-phishing attacks on high-interest targets, such as workers of certain corporations and organizations, on LinkedIn, a professional-focused social media site. Sending laced documents disguised as job offers to specific targets and convincing them to open the files and trigger malicious macro code is another possible attack scenario. For example, North Korean hackers have used LinkedIn in the past to undertake many spear-phishing attacks that were quite successful.
Check Point’s scale this time suggests that LinkedIn impersonation is no longer restricted to sophisticated, narrow-targeting threat organizations like Lazarus.