LinkedIn continues to top spoofed brands in phishing
BleepingComputer reports that LinkedIn accounted for 45% of all brand phishing attempts worldwide during the second quarter of 2022, making it the most spoofed brand in phishing attacks for two quarters in a row, far ahead of Microsoft, DHL, Amazon, and Apple.
Fraudulent LinkedIn emails used in phishing campaigns attempt to imitate typical messages sent by the platform, with sender addresses spoofed to appear automated or to originate from the platform's support or security teams, a Check Point report showed.
Aside from fake LinkedIn Pro promotions, attackers have also been using account termination threats for "unverified" users and false policy updates as lures, with such messages redirecting to a phishing web page seeking victims' credentials, which could be leveraged for account takeovers.
Phishing actors could also leverage LinkedIn accounts to set up fraudulent job offers, similar to a recent attack in which North Korean hackers were able to steal $620 million in cryptocurrency by using a malicious PDF download as a lure for an employee of an online video game.