Phishing campaigns like to exploit popular companies and brands, usually with the goal of capturing the account credentials of people who use those services. Typically, companies such as Microsoft and Google are the most exploited brands. But a report released Tuesday by cyber threat intelligence provider Check Point Research notes LinkedIn as the brand most seen in the latest phishing campaigns.
SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)
For the first quarter of 2022, LinkedIn accounted for 52% of all phishing-related attempts analyzed by Check Point across the world. Its position at the top of the rankings revealed a major increase from the previous quarter when LinkedIn was in fifth position, accounting for only 8% of all phishing attempts. During the quarter, LinkedIn snagged the top spot from DHL, which dropped to second place, appearing in 14% of all attempts.
Beyond LinkedIn and DHL, other brands that appeared on the list included Google, Microsoft, FedEx, WhatsApp, Amazon, Maersk, AliExpress and Apple. The exploitation of LinkedIn is part of a larger strategy in which attackers are leveraging social networks ahead of shipping companies like DHL and technology players like Google and Microsoft.
In one phishing campaign revealed by Check Point, the attacker sent an email in Chinese spoofing the LinkedIn brand with logos and images from the company. The email itself was sent from the address “LinkedIn (smtpfox-6qhrg@tavic.com.mx)” and contained the subject line “M&R Trading Co.,Ltd.” The message prompted the recipient to click on a link, resulting in a login page that asked them to enter their LinkedIn username and password. Of course, any credentials entered were then taken by the attackers.
With shipping companies also being exploited in phishing attacks, another campaign abused Danish shipper Maersk. Using the branding and images from Maersk, an email was sent from an address called “Maersk Notification (service@maersk.com)” with the subject line of “Maersk: Verify Copy for Bill of Lading XXXXXXXXX ready for verification.” The message prompted the user to download an Excel file named “Transport-Document.” But downloading and opening the attachment would infect the system with the Agent Tesla remote access Trojan.
“Criminal groups orchestrate these phishing attempts on a grand scale, with a view to getting as many people to part with their personal data as possible,” said Omer Dembinsky, data research group manager at Check Point Software. “Some attacks will attempt to gain leverage over individuals or steal their information, such as those we’re seeing with LinkedIn. Others will be attempts to deploy malware on company networks, such as the fake emails containing spoof carrier documents that we’re seeing with the likes of Maersk.”
To help you avoid becoming a victim of phishing emails, Check Point offers the following tips:
- Be wary when asked to provide personal information and credentials at websites and business applications.
- Think before you open any email attachment or click on a link in a message. This is especially true if the email seems to come from a company such as LinkedIn or DHL, as these may be phishing messages.
- Scan incoming emails for any misspellings, typos and other mistakes.
- Watch out for emails with requests of an urgent nature, such as one asking you to change your password.
“The best defense against phishing threats, as ever, is knowledge,” Dembinsky added. “Employees in particular should be trained to spot suspicious anomalies such as misspelled domains, typos, incorrect dates and other details that can expose a malicious email or text message. LinkedIn users in particular should be extra vigilant over the course of the next few months.”
