Hackers Cast LinkedIn as Most-Popular Phishing Spot

LinkedIn users are being steadily more targeted by phishing campaigns.

In recent weeks network audits revealed that the social media platform for professionals was in the crosshairs of 52 percent of all phishing scams globally in the first quarter of 2022.

This is the first time that hackers leveraged LinkedIn more often than any tech giant brand name like Apple, Google, and Microsoft, according to various reports.

Social media networks now overtake shipping, retail, and technology as the category most likely to be targeted by criminal groups, noted network security firm Check Point.

The phishing attacks reflect a 44 percent uplift from the previous quarter, when LinkedIn was in fifth place with only eight percent of phishing attempts. Now LinkedIn has surpassed DHL as the most targeted brand.

The second most targeted category is now shipping. DHL now holds second place with 14 percent of all phishing attempts during the quarter.

Checkpoint’s latest security report shows a trend toward threat actors leveraging social networks as a prime target. Hackers contact LinkedIn users via an official-looking email in an attempt to bait them to click on a malicious link.

Once lured, users face a login screen to a fake portal where hackers harvest their credentials. The fake website often contains a form intended to steal users’ credentials, payment details, or other personal information.

“The goal of these phishing attacks is to get victims to click on a malicious link. LinkedIn emails, like another commonly targeted sender, shipping providers, are ideal because the email shares only summary information, and the user is compelled to click through to the on-platform detail and content,” Archie Agarwal, founder and CEO at ThreatModeler, told the E-Commerce Times.

Ideal Pickings

Hackers target LinkedIn users for two key reasons, according to Agarwal. Phishing is a digital play on the confidence game built on trust. Exploiting victims’ trust in their LinkedIn network is a natural alternative to phishing on corporate sites.

“The other advantage to targeting LinkedIn users is that targets are easy to identify and prioritize. Users’ profiles publish their title and affiliations,” he said.

It makes sense for attackers to use LinkedIn as a hook for socially engineered phishing attacks, added Hank Schless, senior manager, for security solutions firm Lookout, as it is generally accepted as a usable professional platform.

“However, it is not that different from any other social platform where an attacker can create a fake but convincing profile and message one of your employees with a malicious link or attachment,” he told the E-Commerce Times.


Rather than clicking on the email, LinkedIn users should instead go directly to the platform that supposedly notified them and look for that notification detail there, suggested Agarwal.

“Platforms like LinkedIn and DHL have an incentive to notify users through email and text but link the user back to the platform to raise visits/usage. This incentive will always stand at odds with protecting against phishing opportunities,” he said.

Phishing that appears to come from legitimate services cannot be stopped. At the same time, current defenses are not tuned to find these types of attacks, noted Patrick Harr, CEO of anti-phishing firm SlashNext.

“These attacks are rising, and the gateway to ransomware is phishing. As phishing continues to grow as a vector for ransomware attacks, zero-hour, real-time threat prevention solutions are critical to stopping these threats,” he told the E-Commerce Times.

The ability to block employee web traffic to phishing sites, via malicious links and other vectors, and stop a ransomware attack at the start of the kill chain, is paramount, he added.

Trust Factors In

The use of LinkedIn blurs the boundary between work purposes and personal career development. For individuals, such as sales and marketing professionals, or recruiters who are using LinkedIn for work purposes, employers should remind them that trust is not transitive.

Recognize that second-level connections are basically unknown individuals. All information on LinkedIn, no matter how professional it looks, can be entirely fake, observed Oliver Tavakoli, CTO at security firm Vectra AI.

“To avoid falling for LinkedIn scams, simply imagine the same message arriving via email in your work inbox. Apply the same training that you have received for identifying phishing scams. Only accept connections from people you have met or ones who have been formally introduced to you,” he told the E-Commerce Times.

LinkedIn should undertake efforts to find and delete fake profiles. It should also make it far easier for organizations to flag incorrect claims in fake profiles — for example, having worked at a particular organization — to quickly correct such inaccuracies, Tavakoli added.

“On the end-user front, there is no real substitute for education — teaching skepticism and not falling for the transitive effect of trust,” he advised.

Think About It

Considering that 92 percent of LinkedIn users’ data was exposed in the 2021 breach, it comes as no surprise cybercriminals have increased attacks leveraging LinkedIn data, prompted Harr. “However, based on our data, we are not seeing that LinkedIn has become the most imitated brand. This title belongs to Microsoft.”

With LinkedIn moving up the list of platforms used in phishing-related attacks, organizations should update their acceptable use policies (AUPs) to protect employees and mitigate the risk of web-based attacks, Schless recommended. Cloud-based web proxies such as secure web gateways (SWG) that are fed by rich threat intelligence datasets can help organizations build dynamic AUPs and protect enterprise data.

This enables admins to control which websites their employees and guest users can access with the purpose of blocking internet-borne malware, viruses, and phishing sites.

SWG is a critical solution to have in the modern enterprise security arsenal. It provides a way to block accidental access to malicious sites and can also be a safe tunnel to protect users from modern web-based threats such as ransomware, other malware, and phishing attacks, he explained.

Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Jack M. Germain
More in Hacking

Technewsworld Channels