Cybersecurity researchers at Check Point warned that LinkedIn has become the most impersonated brand in phishing attacks, accounting for more than 52% of all incidents globally.
According to the cybersecurity company, LinkedIn held the fifth spot on the list in the last quarter of 2021, accounting for only 8% of phishing attacks.
The second most imitated brand was German package delivery DHL, which previously was at the top of the list. The main reason for this was the increased shopping during the holiday season.
When combined with FedEx, Maersk, and Ali Express, shipping-related phishing messages still accounted for a total of 21.8% of attacks in the first three months of 2022.
According to a LinkedIn impersonation sample provided by Check Point, the phishing email in the victim’s inbox featured LinkedIn logos and a company-specific style. The message also included a fraudulent request to connect with a made-up firm.
Clicking on the “Accept” button takes the victim to a phishing website that looks like an actual LinkedIn login page hosted on an unofficial URL.
Cybersecurity company Vade also reported that social media phishing is on the rise. This is due to the fact that taking over accounts on these platforms opens up a wide variety of practical possibilities for the threat actors.
For example, the hackers may use compromised social media accounts to perform spear-phishing attacks, post links to malware-hosting sites, or send spyware directly to users.
In the case of LinkedIn, the threat actors are likely aiming to perform spear-phishing attacks on high-interest targets, including employees of specific companies and organizations.
Another potential exploitation method would be sending laced documents disguised as job offers to specific targets, convincing them to open the files and activate malicious macro code.
North Korean hackers, for example, have launched multiple spear-phishing campaigns that leveraged LinkedIn, proving to be very impactful.