Half Of Phishing Emails Target LinkedIn Accounts

LinkedIn users are being urged to watch out for suspicious emails because the professional networking website is one of the most popular brands targeted by cyber criminals in phishing attacks and and 52% of phishing attacks globally are focused on LinkedIn.

LinkedIn users are being urged to watch out for suspicious emails because the professional networking website is one of the most popular brands targeted by cyber criminals in phishing attacks.

LinkedIn has become the most targeted website for phishing attacks, with a 44% increase over the past quarter. The business social network now accounts for more than half of all phishing-related attacks globally, a surge which has likely been driven by the so-called ‘great resignation’, which has seen many workers looking for new jobs, as well as the large amount of personal information LinkedIn users share publicly. 

A particular is issue is that many users feel comfortable connecting with strangers on LinkedIn to build their professional networks, which makes it ideal for phishing scams. 

Security researchers at Check Point have released a Report detailing phishing attempts against LinkedIn users, where cyber criminal want usernames, passwords and social information. Check Point say that LinkedIn users should be wary of suspicious emails that seemingly come from LinkedIn.

If the recipient clicks on the link, they are taken to a spoofed login page that harvests credentials and lands them in the hands of attackers. The attackers could then use that information to log into the victim’s LinkedIn account.

Although the attacks are not sophisticated, leveraging a commonly used platform such as LinkedIn is a tactic used by phishers to fool recipients that don’t look close enough to spot the hallmarks of a phishing attack. Criminal groups frequently operate these phishing attempts on a large scale, delivering as many emails out to LinkedIn users as possible.

Some attacks will attempt to use publicly available information on social media accounts to tailor the phishing email and make it more convincing and a common tactic is to tell users that their account has been hacked.  

If you are worried that an email with a cyber security warning that says you need to change your password might be legitimate, the best course of action is to avoid the URL in the email and visit the website directly.  If there really is an issue, the website will tell you and you can take the necessary action. 

CheckPoint:  TechMonitor:  Oodaloop:    ZDNet:   Infosecurity Magazine:   InfoSec Today:   Indian Express

You Might Also Read: 

How Do The Facebook & LinkedIn Data Leaks Impact Their Users?:
 

« The Cyber Delusion Challenge For Small & Medium Businesses
Business Leaders Have A Legal Liability When A Data Breach Occurs »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

2Secure

2Secure

2Secure is one of Sweden's largest private security companies. Service inlcude personal security, corporate security, information and cyber security.

GeoLang

GeoLang

GeoLang’s Ascema platform protects sensitive information at the content level by identifying, classifying and tracking data across the corporate infrastructure.

SQNetworks

SQNetworks

SQNetworks provides a full range of cybersecurity consultancy, services and solutions.

Edvance

Edvance

Edvance operates a range of cybersecurity businesses including value added cybersecurity solutions distribution, security technology innovation and development, and SaS solution offerings.

VIPRE Security Group

VIPRE Security Group

VIPRE Security Group is an award-winning global cybersecurity, privacy and data protection company.

Dutch Accreditation Council (RvA)

Dutch Accreditation Council (RvA)

RvA is the national accreditation body for the Netherlands. The directory of members provides details of organisations offering certification services for ISO 27001.

MyCyberSecurity Clinic (MyCSC)

MyCyberSecurity Clinic (MyCSC)

MyCyberSecurity Clinic's main goal is toward establishing an international reference centre for excellence in the field of digital forensics and data recovery services.

Adlumin

Adlumin

Adlumin Inc. provides the enterprise-grade security operations platform and managed detection and response services that keep mid-market organizations secure.

Octiga

Octiga

Octiga is an office 365 cloud security provider. It offers Office 365 monitoring, incident response and recovery tools.

Graylog

Graylog

Graylog provides answers to your team’s security, application, and IT infrastructure questions by enabling you to combine, enrich, correlate, query, and visualize all your log data in one place.

Node4

Node4

Node4 provide advanced, cloud-led digital transformation solutions, delivered with technical expertise, innovation and exceptional service to drive your business forwards.

Sectyne

Sectyne

Sectyne is a full-stack cyber consultancy committed to providing tailored services, advisory consultations, and training.

Aleo

Aleo

Aleo is building the world's leading developer platform for enabling absolute privacy on blockchains.

Myota

Myota

Myota intelligently equips each file to be resilient and achieve Zero Trust-grade protection. Withstand ransomware and data breach attacks. Reduce data restoration time and effort.

MyKRIS Asia

MyKRIS Asia

MyKRIS specialise in providing and managing Internet network services and cyber security services to enterprises.

CESAR

CESAR

CESAR is one of the premier R+D and innovation centers in Brazil and a designated Cybersecurity Competence Center.