LinkedIn emails are hiding phishing scams

News
By Mike Moore
published

More than half of social media phishing emails use LinkedIn hook

LinkedIn spam
(Image credit: 13_Phunkod / Shutterstock.com)

LinkedIn users are being warned to beware emails reportedly coming from the site following a rise in recent message scams.

A report from KnowBe4 found that scammers are harnessing emails from some of the world's most popular social media sites to launch phishing scams against unsuspecting users. 

LinkedIn has become the most popular tool to target potential victims, with more than half of all social media phishing email using the Microsoft-owned platform as a hook.

LinkedIn scam

Phishing scams see cybercriminals target users with spoof emails designed to look as though they originate from a large-scale organisation. Social media sites have become increasingly popular in such scams in recent years, with social media phishing attacks rose 75 percent in 2019.

Overall, KnowBe4's tests found that LinkedIn was used in 56 percent of the top phishing emails, more than all the other tests using other social media networks combined.

The report also highlighted that password reset emails were found to be particularly effective, as were fake login alerts, birthday invites, and photo tag alerts. So-called in-the-wild attacks were found to be especially effective when they asked for action from the recipient, such as being invited to share an Outlook calendar or being assigned a task in a Microsoft platform.

KnowBe4 says that its findings show the importance of training users how to spot and manage potentially malicious emails, especially in the workplace.

“It feels good to ‘join my network’ or connect with someone in some way – that’s why social media phishing attacks are so successful,” said Stu Sjouwerman, CEO of KnowBe4. 

“Users innately trust their ‘verified’ contacts so are more apt to click on a link that come from someone they know. It’s becoming harder to identify phishing attacks, but our users are smarter than the bad guys think and can absolutely be trained to identify and avoid phishing and social engineering attacks.”

Mike Moore
Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.