SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
LinkedIn most imitated in global phishing attacks - report
Wed, 20th Apr 2022

Cybersecurity company Check Point Software has found in a new report that LinkedIn imitations made up 52% of all global phishing attacks.

Check Point Research's 2022 Q1 Brand Phishing Report looks into what brands were most frequently imitated by cybercriminals in their attempts to steal an individual's personal information or payment credentials during January, February and March.

LinkedIn placed at the top for the first time with a dramatic jump from the previous quarter, when it was related to only 8% of phishing attempts.

The report reveals an emerging trend toward social networks, while shipping companies and technology giants such as Google, Microsoft and Apple are also popular targets.

Check Point Software data research group manager Omer Dembinsky says even though Facebook has dropped out of the top ten rankings, the massive increase for LinkedIn shows that social networks are being singled out.

"If there was ever any doubt that social media would become one of the most heavily targeted sectors by criminal groups, Q1 has laid those doubts to rest," he says.

"LinkedIn users should be extra vigilant over the course of the next few months."

What is a brand phishing attack?

Criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and web-page design to the genuine site.

The link to the fake website may be sent to individuals by email or text message, a user may be redirected to it during web browsing, or it may be triggered from a fraudulent mobile application.

The fake website often contains a form intended to steal the user's credentials, payment details or other personal information.

"These phishing attempts are attacks of opportunity, plain and simple. Criminal groups orchestrate these phishing attempts on a grand scale, with a view to getting as many people to part with their personal data as possible," says Dembinsky.

"Some attacks will attempt to gain leverage over individuals or steal their information, such as those we're seeing with LinkedIn. Others will be attempts to deploy malware on company networks, such as the fake emails containing spoof carrier documents that we're seeing with the likes of Maersk."

Dembinsky says the best defence against phishing threats is knowledge.

"Employees should be trained to spot suspicious anomalies such as misspelt domains, typos, incorrect dates and other details that can expose a malicious email or text message," he says.

He says employees should also be cautious when it comes to urgent requests such as 'change your password now'.

The top 10 imitated brands list

LinkedIn (relating to 52% of all phishing attacks globally), DHL (14%), Google (7%), Microsoft (6%), FedEx (6%), WhatsApp (4%), Amazon (2%), Maersk (1%), AliExpress (0.8%) and Apple (0.8%).
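
The "misspelt domains" check that Dembinsky recommends can also be automated for the brands in this list, for example in a mail gateway or proxy log review. The Python sketch below is an added example, not code from Check Point or its report; it assumes each brand's genuine site is its single .com domain, and the hostnames in the test data are constructed.

```python
# Added example: triage hostnames that imitate the brands named in the report.
# Assumption: only the .com domain of each brand is treated as genuine.
BRANDS = {
    "linkedin": "linkedin.com", "dhl": "dhl.com", "google": "google.com",
    "microsoft": "microsoft.com", "fedex": "fedex.com",
    "whatsapp": "whatsapp.com", "amazon": "amazon.com",
    "maersk": "maersk.com", "aliexpress": "aliexpress.com",
    "apple": "apple.com",
}
# Common digit-for-letter swaps; "1" may also stand in for "i", and such
# single-character swaps are caught by the edit-distance test instead.
DIGIT_SWAPS = str.maketrans("0135", "oles")


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalise(token):
    """Undo look-alike substitutions such as 'rn' for 'm' or '0' for 'o'."""
    return token.translate(DIGIT_SWAPS).replace("rn", "m").replace("vv", "w")


def check_host(host):
    """Return (brand, reason) if the host imitates a listed brand, else None."""
    host = host.lower().rstrip(".")
    for legit in BRANDS.values():
        if host == legit or host.endswith("." + legit):
            return None  # genuine domain or one of its subdomains
    # Compare whole words only, so "pineapple" does not match "apple".
    tokens = [t for label in host.split(".") for t in label.split("-") if t]
    for token in tokens:
        for brand in BRANDS:
            if token == brand:
                return (brand, "brand name on unrelated domain")
            if normalise(token) == brand:
                return (brand, "look-alike characters")
            # Very short names (e.g. "dhl") would match too many words.
            if len(brand) >= 5 and edit_distance(token, brand) == 1:
                return (brand, "one-character typo")
    return None
```

A hit is a reason to look closer, not proof of phishing: legitimate regional domains and ordinary words one letter away from a brand name will also be flagged.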