LinkedIn has become the most spoofed brand in phishing attacks, accounting for more than 52% of all phishing attacks on a global level.
Our latest report highlights a new trend where attackers are leveraging social networks, which now ahead of transportation companies and technology such as Google, Microsoft and Apple.
In addition to LinkedIn being the most targeted brand, WhatsApp also made the top 10, accounting for nearly 1 in 20 phishing-related attacks worldwide.
cybersecurity firm Check Point reports a dramatic increase in the abuse of the LinkedIn brand in phishing incidents.
The second spoofed brand was the former leader, German package delivery DHL due in part to increased shopping during the holiday season.
DHL and FedEx, Maersk, and Ali Express combined accounted for 21.8% of shipment-related phishing messages in the first three months of 2022, still a significant portion.
In the LinkedIn spoofing sample provided by Check Point, the phishing email that arrives in the target’s inbox features the LinkedIn logo and company-specific style, and contains requests to log in to the site, add to connections, etc.
Clicking the “Accept” button takes victims to a phishing site that hosted at an unofficial URL
Social media phishing is on the rise, as cybersecurity firm Vade recently reported.
This is because hijacking accounts on these platforms allows attackers to spread many practical attack clues.
For example, hackers can use a compromised social media account to conduct highly effective spear-phishing attacks, post links to malware hosting sites, or send spyware directly to trusted users.
Because LinkedIn is a professional-focused social media platform, attackers are likely aiming to conduct spear-phishing attacks against high-interest targets, such as employees of specific companies or organizations.
Another possible exploit scenario would be to send a forged document posing as a job posting to a specific target, forcing them to open the file and launch malicious macro code.
For example, North Korean hackers have launched multiple spear-phishing campaigns using LinkedIn in the past and have proven to be very effective.
But the scale documented by Check Point suggests that LinkedIn-based impersonation is no longer limited to sophisticated and targeted threat groups such as Lazarus.