LinkedIn has become the brand most often impersonated in phishing attacks, with its share of detected phishing attempts up 44 percentage points on the previous quarter. The business social network now accounts for more than half of all brand-impersonation phishing attempts globally, a surge likely driven by the so-called ‘great resignation’, which has seen many workers looking for new jobs, and by the large amount of personal information LinkedIn users share publicly.
New research from the cybersecurity company Check Point shows that LinkedIn was impersonated in 52% of the phishing attempts it detected in the first quarter of 2022, up from 8% in the previous quarter.
How is LinkedIn being exploited for phishing attacks?
In an example shared by Check Point, an email with ‘LinkedIn’ in its subject line contained a link that took the recipient to a fraudulent LinkedIn login page, where the victim was prompted to enter the username and password of their genuine LinkedIn account.
Other examples also include emails with targeted subject descriptions telling the potential victim that they have appeared in multiple searches, or that their profile matches a particular job.
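The common thread in these lures is a link whose visible text or subject line says LinkedIn while the target host does not. The following is an added example written for this article, not code from Check Point or LinkedIn, showing how a mail-filtering or triage script can classify such links before anyone clicks. The list of legitimate hosts, the brand-lookalike heuristics and the sample links are assumptions constructed for the demonstration; a real deployment would take the allow-list from its own mail-security policy.

```python
"""Flag hyperlinks in a LinkedIn-themed e-mail that do not actually lead to LinkedIn.

Added example for this article, not code from Check Point or LinkedIn. The
legitimate-host list and the sample links are assumptions constructed for the demo.
"""
from urllib.parse import urlsplit

BRAND = "linkedin"
# Hosts treated as genuine (assumption for the example; extend for your environment).
LEGIT_HOSTS = {"linkedin.com", "lnkd.in"}
LEGIT_SUFFIXES = (".linkedin.com",)


def host_is_legit(host):
    """Exact match or a true subdomain of a legitimate host, never a mere prefix."""
    host = host.lower().rstrip(".")
    return host in LEGIT_HOSTS or host.endswith(LEGIT_SUFFIXES)


def edit_distance(a, b):
    """Levenshtein distance; catches typo-squats such as linkedln or linkdin."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_like_brand(host):
    """True if any DNS label of host contains the brand name or is a near-miss of it."""
    return any(BRAND in label or edit_distance(label, BRAND) <= 2
               for label in host.split("."))


def classify_link(href, display_text=""):
    """Return (verdict, reasons) for one link; verdict is 'ok', 'suspicious' or 'phish'."""
    parts = urlsplit(href.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    legit = bool(host) and host_is_legit(host)
    strong, weak = [], []

    if parts.scheme not in ("http", "https"):
        weak.append("unexpected scheme %r" % parts.scheme)
    elif parts.scheme == "http":
        weak.append("plain http; the real login page is served over https")
    if not host:
        weak.append("no host in URL")
    elif not host.isascii():
        strong.append("non-ASCII host, possible homoglyph of a real domain")

    if not legit:
        if parts.username is not None:
            # https://www.linkedin.com@evil.example/ -> the browser goes to evil.example
            strong.append("userinfo before '@' disguises the real host")
        if looks_like_brand(host):
            strong.append("lookalike host %r is not a LinkedIn domain" % host)
        if BRAND in display_text.lower():
            strong.append("link text mentions LinkedIn but the target does not")
        if not strong and not weak:
            weak.append("unknown host %r in a LinkedIn-themed mail" % host)

    if strong:
        return "phish", strong + weak
    if weak:
        return "suspicious", weak
    return "ok", []


# Constructed sample: (href, visible link text) pairs as a mail parser might yield them.
SAMPLE_LINKS = [
    ("https://www.linkedin.com/notifications/", "You appeared in 9 searches this week"),
    ("https://linkedin.com.verify-account.example/login", "linkedin.com/login"),
    ("https://www.linkedin.com@evil.example/verify", "Confirm your account"),
    ("https://linkedln.com/login", "Sign in"),
    ("http://www.linkedin.com/jobs/", "Jobs that match your profile"),
]


def scan(links):
    """Classify every (href, text) pair; returns a list of (href, verdict) tuples."""
    return [(href, classify_link(href, text)[0]) for href, text in links]


if __name__ == "__main__":
    for href, text in SAMPLE_LINKS:
        verdict, reasons = classify_link(href, text)
        print(f"{verdict:10} {href}")
        for reason in reasons:
            print("           -", reason)
```

The suffix check deliberately requires a leading dot, so `linkedin.com.verify-account.example` and `evil-linkedin.com` are never accepted as subdomains, while the userinfo check catches the `https://www.linkedin.com@evil.example/` trick, in which everything before the `@` is ignored by the browser. Plain-http links to a genuine host are only marked suspicious, because the more useful signal in a credential-phishing campaign is a host that is not LinkedIn at all.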
Why is LinkedIn being targeted for phishing attacks?
This dramatic increase in phishing-related attacks using LinkedIn accounts is likely to be linked to the ‘great resignation’ phenomenon observed in the wake of the Covid-19 pandemic, says Omer Dembinsky, research manager at Check Point. This has seen higher than usual staff turnover across many companies as workers look for new roles. “People are now more inclined to look at external opportunities and LinkedIn is a major place for this," Dembinsky says.
People are also comfortable connecting with strangers on LinkedIn to build their professional networks, which makes it ideal for phishing scams, Dembinsky adds. “LinkedIn is a platform in which people are used to having unknown people approach them, which provides the attackers good grounds to lure victims,” he explains.
“From the attacker’s side, once they obtain LinkedIn credentials, they could potentially use the profiles for more sophisticated social engineering against other targets, but the main goal would still be to sell or use the credentials for password re-use in other services.”
What can tech leaders do to prevent LinkedIn phishing?
The value of the information people share publicly about themselves on the professional social network has also piqued the interest of cybercriminals. Last year, it was revealed that LinkedIn suffered at least two instances of malicious web scraping, when more than a billion user records were offered for sale on the dark web.
This week a US appeals court reaffirmed its earlier finding that scraping publicly accessible web pages likely does not violate the US Computer Fraud and Abuse Act. The ruling by the US Court of Appeals for the Ninth Circuit came in hiQ Labs v. LinkedIn, a long-running dispute in which LinkedIn has sought to stop hiQ Labs, a company that scrapes public LinkedIn profile data for its own analytics products, from accessing its site.
LinkedIn had not responded to Tech Monitor's request for comment at the time of publication.
Dembinsky says tech leaders should encourage the likes of multi-factor authentication (MFA) to protect organisations and staff from falling victim to phishing. “Our main advice to protect yourself and your business from such attacks is to encourage the use of MFA and avoid clicking on links,” he says. “It would always be preferable to log in directly to the website, as any notification sent by email would usually also be available on the website itself.”