More than half of all recorded phishing assaults perpetrated during the first three months of the year involved cybercriminals pretending to send digital messages from LinkedIn, the social media platform division of Microsoft Corp. (NASDAQ:MSFT).
What Happened: According to the Q1 Brand Phishing Report published by Check Point Research, a division of the cybersecurity company Check Point Software (NASDAQ:CHKP), 52% of phishing attacks during the first quarter were camouflaged as emails from LinkedIn.
Omer Dembinsky, data research group manager at Check Point Software, cited LinkedIn’s wealth of personal information as being an irresistible resource for a phishing attack planner.
“Some attacks will attempt to gain leverage over individuals or steal their information, such as those we’re seeing with LinkedIn,” he said. “Others will be attempts to deploy malware on company networks.”
Other corporate brands being hijacked by phishing planners are DHL (14% of all first quarter attacks) Alphabet’s (NASDAQ:GOOG) (NASDAQ:GOOGL) Google (7%), Microsoft (6%), FedEx (NYSE:FDX) (6%), Meta Platforms’ (NASDAQ:FB) WhatsApp (4%), Amazon (NASDAQ:AMZN) (2%), Maersk (OTC:AMKBY) (1%), AliBaba Group’s (NYSE:BABA) AliExpress (0.8%) and Apple (NASDAQ:AAPL) (0.8%).
See Also: Archegos Founder Bill Hwang Hit With Fraud Charges: What You Need To Know
What Didn’t Happen: For Dembinsky, the oddest aspect of the quarterly report was the absence of phishing attacks pretending to come from social media platforms other than LinkedIn.
“If there was ever any doubt that social media would become one of the most heavily targeted sectors by criminal groups, Q1 has laid those doubts to rest,” he said. “While Facebook has dropped out of the top 10 rankings, LinkedIn has soared to number one and has accounted for more than half of all phishing attempts so far this year.”
Dembinsky added the way to avoid becoming a victim of phishing is knowing how to recognize such chicanery.
“Employees in particular should be trained to spot suspicious anomalies such as misspelled domains, typos, incorrect dates, and other details that can expose a malicious email or text message,” he said. “LinkedIn users in particular should be extra vigilant over the course of the next few months.”
