Phishing emails targeting LinkedIn accounts are on the rise. Here’s what to watch out for

LinkedIn users are urged to watch out for suspicious emails, as the professional networking website is one of the most popular brands targeted by cyber criminals in phishing attacks.

According to cybersecurity researchers at Check Point, who analyzed phishing emails sent in the first three months of this year, more than half of all phishing attacks (52%) attempted to use LinkedIn.

The phishing emails are designed to look like they’re coming from LinkedIn, but when the recipient clicks the link, they’re sent to a login page designed to look like LinkedIn’s. If they enter their email address and password, these are given to the attacker, who can use that information to log into the victim’s LinkedIn account.


The attacks are not particularly advanced. But by targeting a widely used service like LinkedIn, there’s a good chance that some recipients won’t realize that they’re the target of a phishing attack.

“These phishing attempts are attacks of opportunity, plain and simple. Criminal groups are orchestrating these phishing attempts on a massive scale, with the aim of giving as many people as possible their personal data. Some attacks will try to influence individuals or steal their information, like the one we see with LinkedIn,” said Omer Dembinsky, data research group manager at Check Point Software.

While LinkedIn was the most imitated brand in phishing attacks during the reporting period, it is far from the only well-known company that cyber criminals try to use in attacks. Some of the other brands that cyber criminals spoof in phishing emails include DHL, Google, Microsoft, FedEx, WhatsApp, Amazon, and Apple.

In many cases, like the LinkedIn attacks, the goal is to steal usernames and passwords, although researchers warn that in some cases malicious links and attachments are used to deliver malware.

Cyber criminals run massive phishing campaigns because, unfortunately, they often work: people click on malicious links and download attachments. But there are often signs that an email could be a malicious phishing message.

“Employees should be trained to spot suspicious anomalies such as misspelled domains, typos, incorrect dates and other details that a malicious email or text message could expose. LinkedIn users in particular should be extra vigilant in the coming months,” Dembinsky said.

LinkedIn allows users to use multi-factor authentication, which, if implemented, can provide an additional barrier against phishing attacks.

“Our internal teams work to take action against those who attempt to harm LinkedIn members through phishing. We encourage members to report suspicious messages and help them learn more about what they can do to protect themselves, including enabling two-step verification,” a LinkedIn spokesperson told ZDNet in an email.

“For more information on how members can identify phishing messages, please visit our Help Center here,” she added.

Some of the warning signs that an email may be an attempted phishing attack include bad spelling and grammar, a message that is not addressed to you personally, or a message that is supposedly urgent and should be addressed immediately. Messages asking you to download an attachment to install a software update should also be treated with caution.

A common tactic in phishing emails is to tell users that their account has been hacked. If you’re concerned that an email with a cybersecurity warning telling you to change your password may be legitimate, avoid the URL in the email and visit the website directly. If there really is a problem, the website will tell you and you can take the necessary action.

