
LinkedIn is now the most targeted website for phishing attacks

The professional social network has experienced a surge in phishing attacks as criminal gangs target its users.

By Afiq Fitri

LinkedIn has become the most targeted website for phishing attacks, with a 44% increase over the past quarter. The business social network now accounts for more than half of all phishing-related attacks globally, a surge which has likely been driven by the so-called ‘great resignation’, which has seen many workers looking for new jobs, as well as the large amount of personal information LinkedIn users share publicly.

LinkedIn is now the most popular vehicle for phishing attacks. (Photo by Katja Knupper/Die Fotowerft/DeFodi Images via Getty Images)

New research conducted by the cybersecurity company Check Point shows that fake LinkedIn details were used in 52% of phishing attacks detected in the first quarter of 2022. This is up from 8% in the previous quarter.

How is LinkedIn being exploited for phishing attacks?

In an example of a phishing attack shared by Check Point, an email with ‘LinkedIn’ in the subject line, sent to a potential victim, contained a link which directed the user to a fraudulent LinkedIn login page. The fraudulent page required the user to enter the username and password for their genuine LinkedIn account.

Other examples include emails with targeted subject lines telling the potential victim that they have appeared in multiple searches, or that their profile matches a particular job.

Why is LinkedIn being targeted for phishing attacks?

This dramatic increase in phishing-related attacks using LinkedIn accounts is likely to be linked to the ‘great resignation’ phenomenon observed in the wake of the Covid-19 pandemic, says Omer Dembinsky, research manager at Check Point. This has seen higher than usual staff turnover across many companies as workers look for new roles. “People are now more inclined to look at external opportunities and LinkedIn is a major place for this,” Dembinsky says.

People are also comfortable connecting with strangers on LinkedIn to build their professional networks, which makes it ideal for phishing scams, Dembinsky adds. “LinkedIn is a platform in which people are used to having unknown people approach them, which provides the attackers good grounds to lure victims,” he explains. 

“From the attacker’s side, once they obtain LinkedIn credentials, they could potentially use the profiles for more sophisticated social engineering against other targets, but the main goal would still be to sell or use the credentials for password re-use in other services.”


What can tech leaders do to prevent LinkedIn phishing?

The value of the information people share publicly about themselves on the professional social network has also piqued the interest of cybercriminals. Last year, it was revealed that LinkedIn suffered at least two instances of malicious web scraping, when more than a billion user records were offered for sale on the dark web. 

This week a court in the US reaffirmed that this kind of web scraping is not illegal. The ruling by the US Ninth Circuit of Appeals came in a case brought by LinkedIn against Hiq Labs, a company it says has been scraping LinkedIn data to use for its own research.

LinkedIn had not responded to Tech Monitor's request for comment at the time of publication. 

Dembinsky says tech leaders should encourage the likes of multi-factor authentication (MFA) to protect organisations and staff from falling victim to phishing. “Our main advice to protect yourself and your business from such attacks is to encourage the use of MFA and avoid clicking on links,” he says. “It would always be preferable to log in directly to the website, as any notification sent by email would usually also be available on the website itself.”

