LinkedIn is the most impersonated brand in phishing attacks – beware of malware-laden emails

Cybersecurity researchers have named the brands that cybercriminals most often impersonate in phishing attacks to steal users’ private and payment information, and LinkedIn is leading the way.

In Check Point Research’s brand phishing report, the professional networking and social media platform remains the number one brand that threat actors use to trick unsuspecting victims into sharing confidential credentials. In Q2 2022, 45% of all phishing attempts impersonated LinkedIn.

While this is a slight drop from its 52% share in the first quarter of this year, the trusted platform still accounts for a significant number of brand phishing attempts, with Microsoft-related scams ranking second with a share of 13%. While Adidas, Adobe and HSBC each saw a slight increase of 1% in how often cybercriminals imitated them, the report points out that social networks are still the most susceptible.

Microsoft saw the biggest spike in phishing attacks, with scammers using the technology brand’s name more than twice as often as in the previous quarter. The delivery company DHL is also often impersonated, accounting for 12% of malicious phishing attempts.

Here are the top brands being impersonated for phishing attacks in Q2 2022:

  1. LinkedIn – 45%
  2. Microsoft – 13%
  3. DHL – 12%
  4. Amazon – 9%
  5. Apple – 3%
  6. Adidas – 2%
  7. Google – 1%
  8. Netflix – 1%
  9. Adobe – 1%
  10. HSBC – 1%

Beware of malicious emails

The report shows the methods cybercriminals use to trick each platform’s users, usually via email. One phishing attempt, sent with the subject line “[Action Required] Final reminder – verify your OWA account now”, uses a rogue Microsoft Outlook webpage that asks the victim to enter their credentials.

“The proliferation of Microsoft-related scams poses a threat to individuals and organizations alike,” the report said. “Once someone has your account credentials, they can access all the applications behind it, such as Teams and SharePoint, as well as the obvious risk of your Outlook email account being compromised.”

Image: Example phishing attempt on LinkedIn (Credit: Check Point Research)

LinkedIn branding is also often used in deceptive phishing emails. Check Point Research discovered an email sent from a web address and spoofed to appear as if it had been sent from “LinkedIn Security (mlayanac@armada.mil[.]ec)”. With the subject line “LinkedIn Notice!!!”, the sender tried to trick users into clicking a suspicious link to update their LinkedIn account version. The link instead leads to an untrustworthy site that asks the victim to enter their LinkedIn account information.

This would let cybercriminals learn a user’s personal login credentials, giving them access to the account and everything related to it, including personal information or banking details. These links can also be a way for threat actors to trick users into downloading malware that damages a system or gains unauthorized access to it.

A number of different phishing emails mimic the usual LinkedIn communication style that users often see, including subject lines like “You appeared in 8 searches this week”, “You have one new message” or “I’d like to do business with you through LinkedIn.”

It’s a good idea to always check the sender’s address on an email from a social media platform, especially if it asks you to click on a link. To stay safe online, you need to check out the best antivirus apps and best password managers out there.
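The address check recommended above can be automated. The following is an added example, not code from the report or from Check Point Research: it flags a message whose From display name mentions a brand while the sender address sits outside that brand's domains, the pattern seen in the “LinkedIn Security” email. The brand-to-domain allowlist and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumed allowlist (constructed for this example): brand keyword -> domains
# the brand is expected to send mail from. Maintain your own list.
BRAND_DOMAINS = {
    "linkedin": {"linkedin.com"},
    "microsoft": {"microsoft.com"},
    "dhl": {"dhl.com"},
    "amazon": {"amazon.com"},
}

def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header, or ''."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")

def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    # Requiring a leading dot rejects look-alikes such as linkedin.com.example.net.
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def brand_mismatches(from_header):
    """Brands named in the display name that the sender domain does not belong to."""
    display, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    return [brand for brand, allowed in BRAND_DOMAINS.items()
            if brand in display.lower() and not domain_matches(domain, allowed)]

# Constructed sample From headers (not taken from the report).
SAMPLES = [
    "LinkedIn Security <notice@mail.example.org>",       # brand name, unrelated domain
    "LinkedIn Notice <alert@linkedin.com.example.net>",  # brand used as a subdomain label
    "LinkedIn <jobs@e.linkedin.com>",                    # subdomain of an allowed domain
    "Jane Doe <jane@example.org>",                       # no brand in the display name
]

if __name__ == "__main__":
    for header in SAMPLES:
        hits = brand_mismatches(header)
        print(("SUSPICIOUS " + ",".join(hits)) if hits else "ok", "|", header)
```

A display-name mismatch is only a heuristic: the address in the From header can itself be forged, so this check complements SPF, DKIM and DMARC results rather than replacing them.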