The rise and continuing popularity of LinkedIn-themed phishing
Phishing emails impersonating LinkedIn continue to make up the bulk of all brand phishing attempts: according to Check Point, 45% of the brand phishing attempts it flagged in Q2 2022 imitated the professional social network's style of communication, with the goal of directing targets to a spoofed LinkedIn login page and collecting their account credentials.
The phishers generally try to pique the targets' interest with fake notifications claiming that they "have appeared in X searches this week", that a new message is waiting for them, or that another user would like to do business with them. They are clearly taking advantage of the fact that a record number of people are switching jobs, or are considering quitting their current one and looking for a new one.
For comparison: in Q4 2021, LinkedIn-themed attempts made up just 8% of the brand phishing attacks flagged by Check Point. Vade Secure likewise found that in 2021 the number of LinkedIn-themed phishing pages linked from unique phishing emails was considerably lower than the number of pages impersonating other social networks such as Facebook and WhatsApp.
Other brands phishers loved to impersonate in Q2 2022 were (unsurprisingly) Microsoft (13%), DHL (12%) and Amazon (9%).
“Some new brands entering the top 10 were: Adidas, Adobe and HSBC, although all on low single digits; these brands will be followed closely by researchers in Q3 for any developments,” Check Point added.
LinkedIn users in cyber crooks' crosshairs
LinkedIn currently has over 810 million members, which presents a very large pool of potential victims. To cyber criminals, a compromised LinkedIn account is a trove of personal data, as well as an effective means of reaching other potential victims en masse with tailored messages that appear to come from someone they know.
According to the FBI, scammers have been using the social network to lure users into cryptocurrency investment schemes. LinkedIn followed the FBI's alert with a warning about other scams its users are targeted with.
As noted above, LinkedIn-themed phishing emails most often take the form of fake notifications about messages, contacts and searches featuring the target, occasionally even claiming that people from specific high-profile companies have been looking at the target's profile.
Other popular approaches (via email) include fake notifications about unusual activity on the target's account and a temporary restriction of its use, or offers (or even threats) to upgrade the account.
Users should be aware that phishers are increasingly interested in compromising LinkedIn accounts, and that not every email that carries a LinkedIn logo or arrives from an address that looks like it might belong to the social network is legitimate: both the logo and the visible sender address are trivial to spoof.
The safest response to a notification that appears to come from LinkedIn is to ignore the links and attachments in it. If the notification is legitimate, the same information will be waiting for you when you log in to the social network by typing the address of the (right) login page yourself or using a bookmark, rather than by following a link in the email.
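As an added example (not part of the original article), the following Python script applies the check described above to a constructed sample notification: it parses the raw message, extracts every link from the HTML body, and flags any link, and the sender address, whose host is not linkedin.com or one of its subdomains. The allowlist containing only linkedin.com, the sample headers, and the lookalike hosts in the sample are assumptions made for this demonstration, not data from the article.

```python
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Assumption for this demo: only linkedin.com and its subdomains are trusted.
TRUSTED_DOMAINS = ("linkedin.com",)

# Constructed sample notification for the demo (not a real captured email).
SAMPLE_EMAIL = """\
From: LinkedIn <security-noreply@linkedin.com.notices-example.net>
To: target@example.org
Subject: You appeared in 9 searches this week
Content-Type: text/html; charset="utf-8"

<html><body>
<p>You appeared in 9 searches this week.</p>
<a href="https://www.linkedin.com/help/">Help center</a>
<a href="https://linkedin.com.notices-example.net/login">See who searched for you</a>
<a href="http://linkedln.com/secure">Confirm your account</a>
<a href="https://www.linkedin.com.evil.example/uas/login">Sign in</a>
</body></html>
"""

HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


def host_is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True only if host equals a trusted domain or is a subdomain of one.

    The suffix match on ".linkedin.com" is what defeats lookalikes such as
    linkedin.com.evil.example or linkedln.com; a substring test would not.
    """
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def parse(raw):
    """Parse a raw RFC 5322 message into an EmailMessage."""
    return email.message_from_string(raw, policy=policy.default)


def extract_links(msg):
    """Return every href in the HTML (or plain-text) body, in document order."""
    body = msg.get_body(preferencelist=("html", "plain"))
    return HREF_RE.findall(body.get_content()) if body else []


def sender_domain(msg):
    """Domain of the From address; note this header is attacker-controlled."""
    addr = email.utils.parseaddr(msg.get("From", ""))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def classify(raw):
    """Split links into trusted and suspicious, and judge the sender domain."""
    msg = parse(raw)
    trusted, suspicious = [], []
    for url in extract_links(msg):
        host = urlparse(url).hostname
        (trusted if host_is_trusted(host) else suspicious).append(url)
    dom = sender_domain(msg)
    return {
        "sender_domain": dom,
        "sender_trusted": host_is_trusted(dom),
        "trusted_links": trusted,
        "suspicious_links": suspicious,
    }


if __name__ == "__main__":
    result = classify(SAMPLE_EMAIL)
    verdict = "trusted" if result["sender_trusted"] else "SUSPICIOUS"
    print("sender domain:", result["sender_domain"], verdict)
    for url in result["suspicious_links"]:
        print("SUSPICIOUS link:", url)
```

Three of the four sample links contain the string "linkedin.com" yet point elsewhere, which is exactly what a casual glance at the email misses and the suffix test catches. A matching From domain is necessary but not sufficient, since that header is chosen by the sender; the receiving mail server's SPF/DKIM/DMARC results (the Authentication-Results header) are the stronger signal for whether the message really left LinkedIn's infrastructure.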
Another good idea is to use a long, unique password (ideally generated and stored by a password manager) and to enable two-factor authentication on your LinkedIn account: a phished password is far less useful to an attacker if the account also demands a second factor, though bear in mind that phishing kits that proxy the real login page in real time can capture one-time codes as well.
Finally, you should occasionally check LinkedIn’s Safety Center to learn more about LinkedIn-specific phishing, scams, spam, etc.