LinkedIn is still the most popular phishing lure around

(Image credit: Shutterstock / Ink Drop)

When it comes to impersonating big brands, LinkedIn is still the most popular target, with almost half (45%) of all impersonation attempts spoofing the social network. 

Check Point Research’s (CPR) latest analysis found that while LinkedIn’s share has dropped somewhat (compared to Q1 2022 when it was 52%), its owner, Microsoft saw a major rise, recording 13% of all the impersonation attempts CPR analyzed, rising by almost 100% quarter-on-quarter. 

DHL was ranked third, with 12%, with the top ten list also featuring some new names, with Adidas, Adobe, and HSBC all appearing.

Fake parcels

For LinkedIn, the attackers mostly just try to imitate notification and newsletter emails coming in from the platform, such as “You appeared in X searches this week”, or “You have one new message”. While these emails appear as if they’re coming from LinkedIn, a closer inspection will determine that’s not the case.

Check Point Research also says that it’s not exactly a surprise DHL made it to the top three, as the trend of online shopping is “relentless”. 

When it comes to the shipping company, the attackers often send out phishing emails, claiming the parcels were lost or damaged, and that the recipient needs to submit further data to claim the parcels. That way, the attackers gain important sensitive information they can later use in stage two of the attack. 

“Phishing emails are a prominent tool in every hacker’s arsenal as they are fast to deploy and can target millions of users at relatively low cost,” said Omer Dembinsky, Data Research Group Manager at Check Point Software. 

“They give cybercriminals the opportunity to leverage the reputation of trusted brands to give users a false sense of security that can be exploited to steal personal or commercial information for financial gain.

The best way to protect from these attacks is to be extra vigilant when opening and reading emails, regardless who they’re from, to make sure not to download attachments or open links unless absolutely certain of their origins, and to set up a strong antivirus solution and a firewall.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.