Phishing is nothing new: scammers have been impersonating brands via email for years, with the intention of spreading viruses, defrauding recipients, or stealing passwords. But a study from security firm Check Point Research found that phishers are increasingly impersonating the social media platform LinkedIn, and by an overwhelming margin.
How Common Is The Approach?
Check Point researchers found that in the first quarter of 2022, a staggering 52% of all reported phishing attacks were based on impersonations of LinkedIn. This is a truly remarkable surge in the use of this tactic. The next most popular brand to impersonate was the logistics company DHL, which represented only 14% of attacks, with Google and FedEx following at 7% and 6% respectively.
Why Is It Happening?
Scammers and hackers have found that it is far more profitable to phish businesses of any size than to attack individuals. The reasoning behind that is simple: the average business has greater access to liquid assets than the typical individual computer user. If a business is hit with ransomware, a hacker stands to make tens of thousands of dollars in extorted funds (sometimes far more). LinkedIn is known as the social network for professionals and is thus seen as a better vector for attempting to penetrate businesses than other social networks such as Facebook and Twitter.
How Can You Counter This?
Keep this trend in mind and pay close attention to emails purporting to be from LinkedIn. Closely examine the sender’s email address and the spelling of the domain: scammers will often use aliases to suggest the email is from LinkedIn when it is originating from a different domain. Never click a link in the body of an unsolicited email. If a website like LinkedIn is sending a notification message via email, navigate directly to the website in a browser and check your notifications and messages from there. In general, it is crucial that businesses enable multi-factor authentication for any accounts that offer the feature. There are also software solutions like Mimecast that block phishing emails before they hit a user’s mailbox. Mimecast is a solution MCT is deploying for any clients who set up a Microsoft 365 email system. It is highly recommended as it reduces the human discretion needed to detect fraud.
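The sender check described above can be automated for triage. The following is an added example, not code from the original article or from any product it mentions; it assumes `linkedin.com` is the only trusted sender domain, and the function names, thresholds and sample headers are constructed for illustration.

```python
from email.utils import parseaddr

BRAND = "linkedin"
TRUSTED_DOMAINS = {"linkedin.com"}  # assumption: the only sender domain we accept

def edit_distance(a, b):
    """Levenshtein distance, used to catch misspelled look-alike labels."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_from_header(from_header):
    """Return the reasons a From header looks like LinkedIn impersonation."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parseable sender address"]
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    # An exact match or a true subdomain of a trusted domain is consistent.
    if any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS):
        return []
    reasons = []
    # The alias trick: the display name says LinkedIn, the address does not.
    if BRAND in display.lower().replace(" ", ""):
        reasons.append(f"display name claims LinkedIn but sender domain is {domain}")
    for label in domain.split("."):
        if label == BRAND:
            reasons.append(f"'{BRAND}' used as a label inside untrusted domain {domain}")
        elif BRAND in label:
            reasons.append(f"brand embedded in label '{label}'")
        elif edit_distance(label, BRAND) <= 2:  # heuristic threshold
            reasons.append(f"label '{label}' is a near-misspelling of '{BRAND}'")
    return reasons

# Constructed sample headers (not taken from real messages).
SAMPLES = [
    'LinkedIn <notifications@linkedin.com>',
    '"LinkedIn Notifications" <alerts@mail-updates.example>',
    'Security Team <support@linkedln.example>',
    'LinkedIn <no-reply@linkedin.com.account-verify.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from_header(header) or "consistent")
```

An empty result only means the visible address is consistent with the brand; the From header itself can be forged, so this check complements the mail filtering recommended above rather than replacing it.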
Phishing has exploded in prevalence over the last several years and it is the primary vector that hackers and scammers use to compromise businesses and consumers. The tactics will continue to evolve and different varieties of impersonation emails will wax and wane in popularity. If you need assistance securing your organization’s email systems, call Mankato Computer Technology today.