LinkedIn, a workplace social network, has been the brand that cybercriminals most frequently impersonate in phishing attacks for the second consecutive quarter.
According to CPR’s Brand Phishing Report for Q2 2022, shipping is the most imitated brand category, followed by technology firms and social networks in general. The new research highlights the brands that cybercriminals most often copied during the quarter in their attempts to steal personal information or payment credentials.
Following its appearance in the rankings in Q1, social media site LinkedIn maintained its position as the most impersonated brand in phishing. Comparing Q2 of this year with Q1 of the previous year, LinkedIn imitation decreased from 52% to 45%. This persistently troubling trend serves as a reminder of the risks that users of the reputable social networking site continue to face.
Big-name IT businesses have been exploited noticeably more frequently during the last three months. Microsoft now makes up 13% of all brand phishing attacks, moving up to second position, ahead of DHL, which accounted for 12% of brand phishing emails.
Microsoft-related scams are being used more frequently, which puts people and businesses in danger. If someone obtains your login information, they can access any data protected behind your account. In addition to the obvious risk of your Outlook email account being compromised, Teams and SharePoint may be exposed as well.
What makes a brand phishing attack click?
Brand phishing attacks exploit the simple trust that individuals have in well-known brands, using images and URLs to create the impression that they are the real thing.
Jake Moore, global cyber security advisor at ESET, said:
Phishing emails can reach millions of people at a minimal cost and with quick deployment. Giving users a false feeling of security that may be used to steal personal or business information for financial benefit allows cybercriminals the chance to take advantage of the reputation of trustworthy businesses.
A lot of the time, these attacks will also appeal to human emotions to build a feeling of urgency, such as fear of account termination, which may cause consumers to click hastily without being aware that they could be tricked. In the phishing email below, the attacker tries to trick the user into clicking on a malicious link.
The victims are directed to a phishing website that pretends to be LinkedIn, where they are prompted for their LinkedIn login information. After gathering the login information, the threat actors will then have access to the victim’s LinkedIn account.
LinkedIn phishing scams can be especially effective because job seekers routinely use the platform. Therefore, offers that seem positive in nature, like excellent news from a recruiter, will immediately appeal to our emotions.
The persistence of phishing lures that impersonate shipping organisations such as DHL and other routinely faked courier and delivery companies is another clear indication of the pandemic’s effect.
Leading phishing brands
Brand phishing’s goal is to take advantage of our implicit confidence in well-known brands in order to obtain our personal information. The brands most frequently imitated in brand phishing attacks are listed below.
- LinkedIn (45%)
- Microsoft (13%)
- DHL (12%)
- Amazon (9%)
- Apple (3%)
- Adidas (2%)
- Google (1%)
- Netflix (1%)
- Adobe (1%)
- HSBC (1%)
Omer Dembinsky, manager of Check Point’s data research division, said that phishing attacks are a popular trick in any hacker’s toolbox since they are simple to set up:
Any brand with a big enough customer following and trust will be used by cybercriminals. As a result, we witness hackers increasing their operations with the debut of Adidas, Adobe, and HSBC in the top 10. These hackers profit from our faith in these companies and our instinctively human need for “the bargain.” Brand-based phishing is still used by hackers for a reason.
Phishing emails with subject lines like “You appeared in 8 searches this week,” “You have one new message,” or “I’d like to do business with you via LinkedIn” are among the several variations on the regular LinkedIn communication style that users see.
Every time you receive an email from a social networking site, especially one that asks you to click on a link, it’s a good idea to carefully check the email address. The links or attachments in any notifications you get from LinkedIn should be ignored.
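The sender-address check described above can be automated at triage time. The following is an added example, not part of the original article or of CPR's research: it flags messages whose display name or subject names a brand from the list above while the From address belongs to a different domain. The allowlisted domains, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allowlist of legitimate sending domains per brand; confirm against your own mail logs.
BRAND_DOMAINS = {
    "linkedin": {"linkedin.com"},
    "microsoft": {"microsoft.com"},
    "dhl": {"dhl.com"},
}

def domain_matches(sender_domain, allowed):
    """True only for an allowed domain itself or a genuine subdomain of it."""
    return any(sender_domain == d or sender_domain.endswith("." + d) for d in allowed)

def brand_mismatches(raw_message):
    """Return brands named in the display name or subject whose sender domain is not allowed."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2].lower()
    claimed = (display + " " + msg.get("Subject", "")).lower()
    return sorted(
        brand for brand, allowed in BRAND_DOMAINS.items()
        if brand in claimed and not domain_matches(sender_domain, allowed)
    )

# Constructed sample messages (subjects taken from the article, addresses invented).
SAMPLES = {
    # Brand name placed at the front of an unrelated domain.
    "lookalike": "From: LinkedIn <notifications@linkedin.com.mail-alerts.example>\n"
                 "Subject: You appeared in 8 searches this week\n\nbody",
    "genuine": "From: LinkedIn <updates@linkedin.com>\n"
               "Subject: You have one new message\n\nbody",
    # Brand appears only in the subject line.
    "subject_only": "From: Recruiter <hr@example.net>\n"
                    "Subject: I'd like to do business with you via LinkedIn\n\nbody",
    "unrelated": "From: Alice <alice@example.org>\nSubject: Lunch?\n\nbody",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {brand_mismatches(raw) or 'no brand mismatch'}")
```

A match is a triage signal rather than a verdict: the From header can be forged outright, so pair this check with the SPF, DKIM and DMARC results recorded by your mail gateway.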