LinkedIn is becoming a paradise for phishing attacks


The so-called "Great Resignation" and LinkedIn’s frequent email notifications are creating the perfect environment for criminals looking to steal login information from unsuspecting victims, researchers have warned.

A report from cybersecurity experts Egress found that cybercriminals have noticed the opportunity to steal identities with the help of LinkedIn's email notifications, as the number of phishing emails impersonating the recruitment site has grown 232% in February 2022 alone.

The premise is simple: threat actors know that LinkedIn sends numerous email notifications almost every day, from “you’ve appeared in X searches this week” to “your profile matches this job” and anything in between.

Everyone's used to LinkedIn's emails

They also know that, with these emails being so frequent and with so many people between jobs (or searching for jobs), recipients might not be as careful with each and every message they receive.

To top it off, these phishing emails often mention high-profile companies, to further motivate (or distract) people into clicking the link in the message. 

The link, as you might imagine, will lead the victim to a website that looks identical to LinkedIn, but submitting the credentials there only means the details of their identities end up in the hands of the crooks.

"The attacks we have seen are bypassing traditional email security defenses to be delivered into people's inboxes. We advise organizations to examine their current anti-phishing security stack to ensure they have intelligent controls deployed directly into people's mailboxes," Egress said.

"Individuals should take extreme caution when reading notification emails that request them to click on a hyperlink, particularly on mobile devices. We recommend hovering over links before clicking on them and going directly to LinkedIn to check for messages and updates."

LinkedIn, we would add, is not the only company being impersonated by cybercrooks in search of gullible users. Other major brands are being used for phishing as well, such as Amazon, DHL, Microsoft, and many, many others. Users should always pay attention to emails that carry links, or attachments, regardless of who the sender is. 

Via: ZDNet

Sead Fadilpašić
