Firstly, the potential victim receives a phishing email that looks as though it comes from LinkedIn.
Secondly, if the recipient clicks the link, they go to a login page that is also a LinkedIn look-a-like.
Lastly, if they are fooled and put in their email address and password, they’ll be handing the attacker the tools to log into the victim’s LinkedIn account.
So even though the attacks are unsophisticated, targeting the commonly used LinkedIn brand gives a better chance that recipients won’t spot that they’re being fooled by a phishing attack.
Omer Dembinsky, the data research group manager at Check Point Software, notes that “these phishing attempts are attacks of opportunity, plain and simple.”
Criminal groups phish on a large scale to get as many bites as possible. In other words, “to get as many people to hand over their personal data as possible,” he continues.
But LinkedIn isn’t the only common brand used for phishing attacks during the first 3 months of the year. Others include DHL, Google, Microsoft, FedEx, WhatsApp, Amazon and Apple, as the cyber criminals attempt to leverage well-known brands in their attacks.
Above all, the main aim of these criminals is to steal usernames and passwords. But researchers also warn that other attacks carry malicious links and attachments and are used to deliver malware.
Unfortunately, mass phishing campaigns work, and that’s why cybercriminals use them. People regularly click on malicious links and download attachments by mistake. But quite often there are some signs that something isn’t right and that the email is a phishing message.
Firstly, employees need to be trained in what to look for in emails: for instance, misspelled domains, typos, incorrect dates and other details that can expose a malicious email or text message. Dembinsky recommends that all LinkedIn users should be extra careful over the coming months.
Secondly, you can use multi-factor authentication, which LinkedIn allows you to set up. It can be that extra layer of protection against a phishing attack.
In addition, report suspicious messages to the internal team at LinkedIn. The team will work to take action against those who attempt to harm LinkedIn members through phishing.
And lastly, talk to the team about how you can protect yourself further, including by two-step verification.
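The "misspelled domains" check above can also be automated on the mail side. The following is an added example, not code from the article or from Check Point: it classifies every link in a message against the brands the article names. The allowlist, the one-character edit-distance threshold and the sample message are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Brands named in the article, mapped to their primary domain.
# Assumption: a real deployment would use a fuller, maintained allowlist.
BRANDS = {
    "linkedin": "linkedin.com", "dhl": "dhl.com", "google": "google.com",
    "microsoft": "microsoft.com", "fedex": "fedex.com",
    "whatsapp": "whatsapp.com", "amazon": "amazon.com", "apple": "apple.com",
}

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    """Return (verdict, brand) for one hostname."""
    host = host.lower().rstrip(".")
    for brand, legit in BRANDS.items():
        if host == legit or host.endswith("." + legit):
            return "ok", brand
    labels = re.split(r"[.-]", host)
    for brand in BRANDS:
        for label in labels:
            if label == brand:  # real brand name inside someone else's domain
                return "brand-in-foreign-domain", brand
            # Fuzzy-match only longer names; 3-letter brands give false hits.
            if len(brand) >= 5 and edit_distance(label, brand) == 1:
                return "misspelled-brand", brand
    return "unrelated", None

def check_links(body):
    """Classify the host of every http(s) link found in a message body."""
    hosts = [urlparse(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", body)]
    return [(h, *classify_host(h)) for h in hosts if h]

# Constructed sample message; the .example hosts are placeholders.
SAMPLE_EMAIL = """You appeared in 4 searches this week.
View: https://www.linkedin.com/feed/
Confirm your account: http://linkedln-login.example/signin
Alternate: https://linkedin.com.account-verify.example/login
Unsubscribe: https://news.example.org/u
"""

if __name__ == "__main__":
    for row in check_links(SAMPLE_EMAIL):
        print(row)
```

A one-character threshold also matches ordinary words such as "apply", so hits are leads for review rather than verdicts.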