LinkedIn has jumped to the top of the list of the most impersonated brands in phishing attacks, now accounting for 52% of all phishing attacks involving brand impersonation – a 550% increase from the 8% in the previous quarter, according to Check Point.
LinkedIn phishing scams take various forms, although one of the most common is a fake request from an individual to connect on the platform. The phishing emails include the official LinkedIn logo and are indistinguishable from the genuine LinkedIn communications that they spoof. If the user clicks on the Accept button, they are directed to a phishing webpage that is a carbon copy of the genuine LinkedIn page aside from the domain.
The increase in LinkedIn phishing attacks is part of a trend in attacks targeting social media credentials. While these credentials do not provide an immediate financial return, social media account credentials are valuable to cybercriminals as they allow them to conduct highly effective spear phishing attacks. If a corporate social media account is compromised, trust in the company can be abused to distribute malware and links can be added to direct followers to malicious websites.
Failed delivery and shipping notifications are still a common theme in phishing emails targeting businesses and consumers. Around 22% of phishing attacks in Q1, 2022 involved the impersonation of shipping and delivery companies. The package delivery firm DHL is the second most spoofed brand accounting for 14% of brand impersonation attacks. Many of these shipping and delivery phishing emails are conducted to distribute malware, usually through the downloading of fake documents that include malicious code that installs malware such as remote access Trojans.
Phishing is the number one threat faced by businesses. Most successful cyberattacks start with a phishing email, with stolen credentials or malware providing cybercriminals with the foothold they need in a corporate network to launch an extensive attack. Phishing attacks are cheap and easy to conduct and they target employees, who can easily be fooled into installing malware or disclosing their credentials.
This month, a healthcare data breach was reported by Christie Clinic in the United States that involved a hacker gaining access to a single email account. That account was used in a business email compromise attack to divert a large vendor payment. Business email compromise attacks are the main cause of losses to cybercrime according to the Federal Bureau of Investigation. In this breach, the compromised email account contained the personal data of more than half a million patients. Cyberattacks such as this only require one employee to respond to a phishing email for a costly data breach to occur.
Also this month, a new malware distribution campaign has been identified that attempts to install the Meta information stealer, which is capable of stealing passwords stored in browsers and cryptocurrency wallets. The malware is delivered via phishing emails with Excel spreadsheet attachments, which include malicious macros that download and install malware via HTTPS from GitHub. In this campaign, the lure used to trick recipients into opening the file claims to be a notification about an approved transfer of funds to Home Depot, the details of which are detailed in the attached spreadsheet. In order to view the contents of the spreadsheet, the user is told they must enable content to remove DocuSign protection. Enabling content allows the macros to run.
An advanced spam filtering solution such as SpamTitan will help to ensure that inboxes are kept free of phishing emails and any emails containing malicious scripts or attachments are not delivered. SpamTitan includes dual antivirus engines to ensure malware is identified and sandboxing to catch malware variants that bypass signature-based detection mechanisms.
While a spam filter used to be sufficient for blocking phishing emails, the sophisticated nature of phishing attacks today and the sheer volume of phishing emails being sent, mean some phishing emails will inevitably arrive in inboxes. For this reason it is also important to provide regular security awareness training to the workforce. TitanHQ can help in this regard through SafeTitan security awareness training and phishing simulations. SafeTitan is the only behavior-driven security awareness solution that delivers security awareness training in real-time. The solution is proven to significantly improve resilience to phishing attacks.