As cybercriminals look for novel and effective ways to gain entrance to a victim network, LinkedIn is proving to be fruitful enough to keep the attention of phishing scammers.
I hope you can appreciate the sophistication of a phishing attack that targets not just a specific company, or even an individual, but a role within the organization – complete with a tailored socially engineered campaign of emails, landing pages, impersonated brands, phone call scripts, and a defined process for the prospective victim to follow… until they perform the malicious action desired by the threat actor at the helm.
These are exactly the kinds of attacks we’re seeing with LinkedIn – the top impersonated brand for the second quarter in a row, according to Check Point’s Q2 Brand Phishing Report. With the data on over 500 million LinkedIn users available for cybercriminals to utilize, we’ve seen massive increases in attacks impersonating LinkedIn of well over 200% in just a single month.
The FBI even recently put out a warning about widespread fraudulent activity using LinkedIn’s branding and platform as the foundation for the attack.
According to Check Point, impersonation of LinkedIn is used in phishing attacks today at more than three times the rate of Microsoft (a brand we’ve seen used far too often, due to its widespread applicability to users of the Windows operating system and the Microsoft 365 platform).
Because even your organization has users who are looking for their next job today, it’s imperative that they understand the risk of responding to any communication – whether in email or on the web – that is either unexpected or seems too good to be true. This level of vigilance is attained by putting users through continual Security Awareness Training to teach them how brand impersonation (LinkedIn or otherwise) is commonly used to increase the chances of a successful phishing attack.