
LinkedIn is now the most popular phishing target

LinkedIn users are warned to be aware of phishing emails. More than half of all brand phishing attacks came through the job portal and professional social network LinkedIn. Phishing attacks commonly target social networking sites. An attacker will try to trick you into disclosing sensitive information by sending emails and LinkedIn messages with malicious links.

The Q1 2022 Phishing Report shows the brands that hackers most often impersonated in their attempts to steal people’s personal information or payment details.

According to a recent report, LinkedIn has been connected to 55% of all phishing-related attacks worldwide so far this year, marking the first time LinkedIn has led the statistics. LinkedIn’s rise to the top of the rankings is a significant increase over the previous quarter, when it was ranked 5th and was responsible for just 8% of all phishing. LinkedIn surpassed DHL, which fell to second position after appearing in 14% of all searches.

Social media has overtaken commercial companies and technology giants such as Google, Microsoft, and Apple to become the category most targeted by hackers. The use of LinkedIn as a lure is part of a larger strategy in which hackers use social media to gain an advantage against commercial companies.

LinkedIn is the most targeted social networking platform, responsible for almost one out of every twenty phishing attacks worldwide. Amazon, Apple, Google, and Microsoft, as well as shipping giants AliExpress, FedEx, and Maersk also stayed in the top 10.

Phishing Attack Targeted Sites (Statistics)

A phishing email is sent to LinkedIn users to get them to click on a malicious link. Users would then be directed to a fake site to log in. A form on the fake website is often used to steal users’ passwords, payment information, and other personal data.

According to Check Point Software’s data research group manager, Omer Dembinsky:

These phishing attacks are executed on a large scale by hackers with the goal of obtaining as much personal information as possible. Some attacks, like the ones we’re seeing with LinkedIn, will try to gain control over users or steal their information.

linkedin@e.linkedin.com and linkedin@el.linkedin.com not legitimate

The official LinkedIn website lists many legitimate email addresses, including linkedin@e.linkedin.com and linkedin@el.linkedin.com, which makes this kind of impersonation plausible. It also makes it challenging to tell authentic and fake sites apart.

Poor language and punctuation, as well as a message that isn’t addressed to you directly, are still common warning signs that an email is a phishing attack. Another sign is a message that claims to be urgent and demands a quick response. Be careful when you receive an email asking you to open a link to download a file or install a software update.
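The sender-side warning signs above can be checked mechanically. The following is an added example, not code from the report or from LinkedIn: it assumes the two addresses named in this article as the known-sender list and assumes your own mail server adds the `Authentication-Results` header; the sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: only the two addresses this article names; not a complete list.
KNOWN_SENDERS = {"linkedin@e.linkedin.com", "linkedin@el.linkedin.com"}
BRAND_DOMAIN = "linkedin.com"


def auth_results(msg):
    """Map spf/dkim/dmarc to their verdicts from Authentication-Results headers."""
    # Only trust this header when your own receiving server added it.
    out = {}
    for header in msg.get_all("Authentication-Results", []):
        for part in header.split(";")[1:]:  # first field is the server id
            method, _, rest = part.strip().partition("=")
            if method in ("spf", "dkim", "dmarc") and rest:
                out.setdefault(method, rest.split()[0].lower())
    return out


def check_sender(raw):
    """Return a list of findings; an empty list means no sender red flags."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    on_brand = domain == BRAND_DOMAIN or domain.endswith("." + BRAND_DOMAIN)
    findings = []
    if "linkedin" in display.lower() and not on_brand:
        findings.append("display name says LinkedIn but address is at " + domain)
    if "linkedin" in domain and not on_brand:
        findings.append("lookalike domain: " + domain)
    if on_brand and addr not in KNOWN_SENDERS:
        findings.append("address not in known-sender list: " + addr)
    if on_brand and auth_results(msg).get("dmarc") != "pass":
        findings.append("From is linkedin.com but DMARC did not pass")
    return findings


# Constructed sample messages (not real mail).
LEGIT = ("From: LinkedIn <linkedin@e.linkedin.com>\n"
         "Authentication-Results: mx.example.net; dkim=pass header.d=linkedin.com;"
         " dmarc=pass header.from=linkedin.com\n\nYou have a new invitation.\n")
SPOOFED = LEGIT.replace("dkim=pass", "dkim=fail").replace("dmarc=pass", "dmarc=fail")
LOOKALIKE = "From: LinkedIn <security@linkedin-mail.example>\n\nVerify your account.\n"

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED), ("lookalike", LOOKALIKE)):
        print(name, check_sender(raw))
```

A clean result only means the sender checks passed; the link targets and the message content still need the scrutiny described above.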

How can this be prevented?

The simplest way to protect yourself and your workers from phishing attacks is to teach them how to recognise and respond to malicious emails. LinkedIn users should be aware of who is trying to connect with them. Use long, complex passwords that include unusual characters as well as upper and lowercase letters. To add an extra layer of security, always use two-factor authentication (2FA) and make sure you don’t reuse account information across multiple sites.
