For the second quarter in a row, LinkedIn is the most imitated brand in phishing attacks, according to Check Point.
Some 45% of all phishing attempts were spoofs of LinkedIn. Rounding out the top 5:
- Microsoft (13%)
- DHL (12%)
- Amazon (9%)
- Apple (3%)
Impersonation attacks work because they look close to the real thing. End-users are accustomed to receiving emails from LinkedIn or other popular brands. If they don't do a close inspection, however, they won't notice that the URL is different or the sender address is amiss.
Here's one example:
A user might think to click on this link. However, the URL has nothing to do with LinkedIn: https://lin882[.]webnode[.]page/
It then leads to this fake login page:
Whenever you receive an email from a brand, always do the following:
- Hover over the URL. If it's different than the brand name, stay away.
- Hover over the sender address. If it's different than what you'd expect, stay away.
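The two hover checks above can also be automated, for example in a mail-triage script. The sketch below is an added example, not Check Point's code; the allowlist `BRAND_DOMAINS`, the function names, and every sample except the URL quoted above are assumptions made for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains the brand is known to use; extend per brand.
BRAND_DOMAINS = {"linkedin": ("linkedin.com",)}

def refang(text):
    """Undo the defanging used in write-ups like this one ([.] and hxxp)."""
    return text.replace("[.]", ".").replace("hxxp", "http")

def host_matches(host, domains):
    """True only for the brand domain itself or a true subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def link_is_brand(brand, url):
    """The URL check: compare the host the link really points to."""
    host = urlsplit(refang(url)).hostname  # excludes any user@ prefix
    return host_matches(host, BRAND_DOMAINS[brand])

def sender_is_brand(brand, from_header):
    """The sender check: use the address, not the display name."""
    _, addr = parseaddr(from_header)
    return host_matches(addr.rpartition("@")[2], BRAND_DOMAINS[brand])

# First URL is the one quoted in this post; the rest are constructed samples.
LINKS = [
    "https://lin882[.]webnode[.]page/",
    "https://www.linkedin.com/feed/",
    "https://linkedin.com.account-check.example/login",  # brand as a prefix
    "https://linkedin.com@login.example/",               # brand as userinfo
    "https://notlinkedin.com/",                          # brand as a suffix
]
SENDERS = [
    "LinkedIn <notifications@linkedin.com>",
    "LinkedIn <support@linkedin.mail-alerts.example>",
]

if __name__ == "__main__":
    for url in LINKS:
        print("ok  " if link_is_brand("linkedin", url) else "STAY AWAY", url)
    for sender in SENDERS:
        print("ok  " if sender_is_brand("linkedin", sender) else "STAY AWAY", sender)
```

A matching sender domain only passes the visual check: the From header can be forged, so this does not replace the SPF, DKIM and DMARC results your mail gateway records.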