LinkedIn is one of the most popular networking brands targeted by cyber criminals with phishing attacks and so LinkedIn users are being warned to be on the look out for any suspicious emails.

Don’t let criminals get your usernames, passwords, and other personal information.

To clarify, over half the phishing attacks sent during the first 3 months of 2022 attempted to leverage LinkedIn, according to cybersecurity researchers at Check Point.

Firstly, the potential victim receives a phishing email that looks as though it comes from LinkedIn.

Secondly, if the recipient clicks the link, they go to a login page that is also a LinkedIn look-a-like.

Lastly, if they are fooled and put in their email address and password, they’ll be handing them to the attacker the tools to log into the victims LinkedIn account.

So even though the attacks are unsophisticated, by targeting the LinkedIn brand, which is commonly used, there’s a better chance recipients won’t spot that they’re being fooled by a phishing attack.

Omer Dembinsky, the data research group manager at Check Point Software notes that “these phishing attempts are attacks of opportunity, plain and simple.

And that Criminal groups phish on a large scale to get as many bites as possible. In other words, “to get as many people to hand over their personal data as possible,” he continues.

But LinkedIn isn’t the only common brand used for phishing attacks during the first 3 months of the year, others include DHL, Google, Microsoft, FedEx, WhatsApp, Amazon and Apple. As the cyber criminals attempt to leverage off the well-known brand in their attacks.

Above all, the main aim of these criminals is to steal usernames and passwords. But researchers also warns other attacks have malicious links and attachments and are used to deliver malware. 

Unfortunately, mass phishing campaigns work and that’s why cybercriminals use them. People click on malicious links and download attachments, by mistake regularly. But quite often there are some signs that something isn’t right, that the email is a phishing message.

Firstly, employees need to be trained in what to look for in emails. For instance, misspelled domains, typos, incorrect dates and other details that can expose a malicious email or text message. Dembinsky recommends that all LinkedIn users should be extra careful over the coming months.

Secondly, you can use multi-factor authentication, LinkedIn allows you to set the up. It can be that extra layer of protect against a phishing attack.

In addition, report suspicious messages to the internal team at LinkedIn. The team will work to take actions against those who attempt to harm LinkedIn members through phishing.

And lastly, talk to the team about how you can protect yourself further, including by two-step verification.

Ask LinkedIn help centre about you can identify phishing messages.

Meanwhile an attempted phishing attack can have some clear warning signs – message contains

  • bad spelling
  • grammar
  • a message that isn’t addressed to you personally
  • a message claiming to be urgent that needs to be acted upon immediately.
  • messages asking you to download an attachment to install a software update should also be treated with caution.
  • phishing emails is to tell users that their account has been hacked

If you receive an email with a warning message asking you to change your password, it might be legitimate? But if you’re at all unsure:

  1. avoid the URL in the email and visit the website directly
  2. the website will tell you and you can take the necessary action.

Want insights like this in your mailbox? Join our monthly mailing list

How can we make your business better with IT?