Phishing criminals are using LinkedIn to build trust with victims

LinkedIn is proving tasty bait for the cybercriminal's phishing hook

Be warned that LinkedIn is increasingly being used by cybercriminals as a means to bolstering the effectiveness of their phishing attacks.

The basic idea for the criminal is that connecting with someone on LinkedIn is a useful exercise in building up a level of trust with their target, so when the phishing email is subsequently delivered, the bait is more likely to be taken.

That's the finding of new research from Computing, which also observed that phishing is now seen as the biggest threat to UK businesses, pushing all other nastiness aside including the dreaded DDoS attack (which can sink an organisation's website for a potentially lengthy and costly period of time).

No skills needed

The major reason phishing is so dangerous is because more and more malicious parties are using the tactic, and in turn, that's because it's so easy to phish.

Orlando Scott-Cowley, cyber security specialist at Mimecast, told Computing: "We use phishing to mean all the types of attack you see in email. Email has become the threat vector of choice because it's easy, there are no skills needed, and you can attach a pre-built piece of malware to your message."

He added that phishing tends to be successful because people trust their inboxes implicitly, particularly when it comes to business email accounts ensconced behind an organisation's security defences – and of course if the email comes from a LinkedIn contact, that adds to the misplaced trust factor.

Yesterday, we had a warning from the police about the increased usage of phishing, with almost a hundred thousand people having reported phishing scams to the authorities in the UK last year. The majority of these attempts – 70% of them – were delivered by email.

As ever, be wary of any email with an even vaguely suspicious subject line or content, whether the email seems to come from a friend, LinkedIn contact, or colleague (remember, email addresses can be spoofed). If you're not sure about something, it's better to be safe than sorry, and always remain very cautious about links and attachments in emails.