The professional social networking site LinkedIn is now the most impersonated brand in phishing attacks, according to Check Point Research. In Q1 2022, 52% of phishing attacks spoofed LinkedIn, which is a 550% increase from the previous quarter, when LinkedIn was the 5th most impersonated brand.
This is part of an emerging trend in phishing that has seen phishers switch to campaigns seeking corporate social media credentials, which can be used for a range of different attacks. If corporate social media credentials are obtained, the accounts can be used for posting links to malicious websites, and they allow convincing spear phishing campaigns to be conducted. Many job seekers use LinkedIn to find new employment opportunities. If a corporate LinkedIn account is compromised, it could be used to send fake job offers.
Facebook has long been heavily impersonated in phishing attacks but has now dropped out of the top 10 most impersonated brands. Even so, according to the 2022 Q1 Brand Phishing Report, the increase in attacks spoofing LinkedIn means social media networks became the most targeted sector by phishers.
Phishing attacks spoofing shipping and delivery firms are still common and account for around 22% of brand impersonation attacks. The German package delivery firm DHL was the second most impersonated brand, accounting for 14% of all brand impersonation attacks, with FedEx in 5th place with 6% of attacks and the shipping firm Maersk in 7th spot with 1%.
Google and Microsoft are still commonly spoofed, but drop down to 3rd and 4th in the list of most impersonated brands, accounting for 7% and 6% of attacks respectively. WhatsApp’s percentage share of 4% remained unchanged from the previous quarter and put it in 6th place, and AliExpress and Apple were in positions 9 and 10, each with a percentage share of 0.8%.
While the LinkedIn, Google, and Microsoft impersonation attacks are conducted to obtain credentials, phishing is also used to distribute malware, as in the phishing emails impersonating Maersk. The campaigns identified by the researchers included emails with malicious attachments that claimed to be carrier documents. The attachments contained malicious macros that downloaded malware if allowed to run.
“The best defense against phishing threats, as ever, is knowledge. Employees, in particular, should be trained to spot suspicious anomalies such as misspelled domains, typos, incorrect dates and other details that can expose a malicious email or text message. LinkedIn users, in particular, should be extra vigilant over the course of the next few months,” said Omer Dembinsky, data research group manager at Check Point Software.