Researchers say they have recorded a 232% increase in email phishing attacks impersonating LinkedIn since Feb. 1.
In a blog post, Egress researchers say these attacks use display name spoofing and stylized HTML templates to socially engineer Microsoft Outlook 365 users into clicking on phishing links and then entering their credentials on phony websites.
The researchers say the targets vary, covering companies operating in different industries in North America and the United Kingdom. LinkedIn claims to have more than 810 million members in some 200 countries, which provides an extensive pool of potential victims for cybercriminals.
“Many professionals choose to include their corporate email address within their profiles, and many regularly receive update communications from LinkedIn,” said the researchers. “Consequently, they could be more trusting of a stylized phishing email.”
This case has little to do with LinkedIn, specifically — they’re not doing anything wrong here — explained Yehuda Rosen, senior software engineer at nVisium.
“It boils down to the fact that LinkedIn has hundreds of millions of members — many of whom are very accustomed to seeing frequent legitimate emails from LinkedIn — and may inevitably click without carefully checking that each and every email is the real deal,” Rosen said. “The ultimate goal here seems to be less related to brand damage and more for credential capture and account takeover.”
LinkedIn reiterated in a statement sent to SC Media that the company's internal teams "work to take action against those who attempt to harm LinkedIn members through phishing," and encouraged members to report suspicious messages and to protect themselves through such measures as two-step verification. The company also offers tips for identifying phishing messages through its Help Center.
John Bambenek, principal threat hunter at Netenrich, said these kinds of phishing attacks rarely hurt social media brands.
“People spoof trusted brands to get the credentials that matter,” Bambenek said. “The options of the impersonated brand are minimal, so no one really blames them that it happens. That said, major tech companies do need to detect credential misuse from attacks like these that steal credentials so they can protect their user base.”
Saryu Nayyar, founder and CEO of Gurucul, said that while many social media platforms have gone too far in collecting sensitive user information without users being fully aware, and have not built in enough security to prevent theft of that user data, phishing emails that spoof a well-known brand are not the fault of the company itself.
“It’s simply a tactic threat actors use for any well-known name that’s recognizable to coerce users into making a bad decision,” Nayyar said.