The so-called "Great Resignation" and LinkedIn’s frequent email notifications are creating the perfect environment for criminals looking to steal login information from unsuspecting victims, researchers have warned.
A report from cybersecurity experts Egress found cybercriminals have noticed the opportunity to steal identities with the help of LinkedIn's email notifications, as the number of phishing emails impersonating the recruitment site has grown 232% in February 2022 alone.
The premise is simple: threat actors know that LinkedIn sends numerous email notifications almost every day: from “you’ve appeared in X searches this week,” to “your profile matches this job,” to anything else in between.
Everyone's used to LinkedIn's emails
They also know that because these emails are so frequent, and because so many people are between jobs (or searching for jobs), recipients might not be as careful with each and every message they receive.
To top it off, these phishing emails often mention high-profile companies, to further motivate (or distract) people into clicking the link in the message.
The link, as you might imagine, will lead the victim to a website that looks identical to LinkedIn, but submitting the credentials there only means the details of their identities end up in the hands of the crooks.
"The attacks we have seen are bypassing traditional email security defenses to be delivered into people's inboxes. We advise organizations to examine their current anti-phishing securing stack to ensure they have intelligent controls deployed directly into people's mailboxes," Egress said.
"Individuals should take extreme caution when reading notification emails that request them to click on a hyperlink, particularly on mobile devices. We recommend hovering over links before clicking on them and going directly to LinkedIn to check for messages and updates."
LinkedIn, we would add, is not the only company being impersonated by cybercrooks in search of gullible users. Other major brands are being used for phishing as well, such as Amazon, DHL, Microsoft, and many, many others. Users should always pay attention to emails that carry links, or attachments, regardless of who the sender is.
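The hover check Egress recommends can also be automated for an HTML notification that claims to come from LinkedIn. The following is an added example, not code from Egress or the original article; the allowlist containing only linkedin.com and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("linkedin.com",)  # assumption: only this domain and its subdomains are genuine

class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def is_trusted(host):
    """True only for an exact match or a real subdomain of a trusted domain."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def suspicious_links(html_body):
    """Return links whose actual destination is not an http(s) LinkedIn host."""
    parser = _Links()
    parser.feed(html_body)
    parser.close()
    flagged = []
    for href, text in parser.links:
        try:
            parts = urlsplit(href)
            ok = parts.scheme in ("http", "https") and is_trusted(parts.hostname)
        except ValueError:  # malformed URL: treat as suspicious
            ok = False
        if not ok:
            flagged.append((href, text))
    return flagged

# Constructed sample notification; hosts use reserved example domains.
SAMPLE = """<p>You appeared in 9 searches this week.</p>
<a href="https://www.linkedin.com/feed/">Open LinkedIn</a>
<a href="https://linkedin.com.example.net/login">View who searched for you</a>
<a href="https://www.linkedin.com@example.org/signin">linkedin.com/jobs</a>
<a href="http://linkedln-careers.example/apply">See matching jobs</a>"""

if __name__ == "__main__":
    for href, text in suspicious_links(SAMPLE):
        print(f"displayed: {text!r} -> actual: {href}")
```

The check compares the parsed hostname rather than searching the URL for the brand name, so a brand string placed in a subdomain label or in the userinfo part before `@` does not pass.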
Via: ZDNet