
LinkedIn leads the way as social networks overtake other phishing methods

The LinkedIn app logo is displayed on an iPhone on Aug. 3, 2016, in London. (Photo by Carl Court/Getty Images)

A study on Q1 brand phishing trends by Check Point Research found that social media networks have now overtaken shipping, retail and technology as the category most likely to be targeted by criminal groups.

Check Point said so far this year, LinkedIn has been tied to 52% of all phishing-related attacks globally, marking the first time LinkedIn has reached the top of the rankings.

LinkedIn’s numbers represent a dramatic 44% increase from the previous quarter, when LinkedIn was in fifth position and related to only 8% of phishing attempts. Check Point said LinkedIn has now overtaken DHL as the most targeted brand; DHL has fallen to second place and accounted for 14% of all phishing attempts during Q1.

Along with LinkedIn, WhatsApp maintained its position in the Top 10, accounting for almost 1 in 20 phishing-related attacks worldwide. Big Tech companies Amazon, Apple, Google, and Microsoft remained in the Top 10, as did shipping companies AliExpress, FedEx, and Maersk.

Oliver Tavakoli, CTO at Vectra, said the use of LinkedIn blurs the boundary between work purposes and personal career development. Tavakoli said for sales and marketing professionals or recruiters who use LinkedIn for work purposes, employers should remind them that trust is not transitive and that all information on LinkedIn — no matter how professional it looks — can be entirely fake.

“LinkedIn should itself undertake efforts to find and delete fake profiles, make it far easier for organizations to flag incorrect claims in fake profiles of having worked at a particular organization and to quickly correct such inaccuracies,” Tavakoli said. “On the end-user front, there’s no real substitute for education — teaching skepticism and not falling for the transitive effect of trust.”

Antonio “Johnny” Martinelli, director of cyber training at GRIMM, said because LinkedIn has such relaxed rules and enforcement around what it considers spam, its users are perpetually inundated with communications from all ends of the earth, including many from LinkedIn itself. Martinelli said this has caused users to be even more desensitized to odd messages from this source than they already are in general, leaving them ripe for attacks.

“Attackers are also aware of the direct correlation between career positions and LinkedIn usage, with industry leaders being the most active users,” Martinelli said. “This creates a perfect watering hole for spear phishing without any extra effort, as your most desirable targets (executives, thought leadership, brand managers seeking partnerships) are also going to inherently be the most likely to take the bait.” 
