LinkedIn protagonist of the brand phishing, in spite of itself

The most used name in scam email campaigns is that of the social network owned by Microsoft, according to new CheckPoint monitoring. Published on 21 April 2022 by Redazione

In order to steal information and access data, the authors of phishing scams bother with any name. Also, and above all, that of LinkedIn. In the first quarter of 2022 this is the most exploited name in the brand phishing campaigns intercepted by Check Point Software Technologies, and it is the first time that it has happened in such an overwhelming way: LinkedIn dominated the top-ten ranking in a clear way, appearing in well 52% of malicious messages observed worldwide.

And the leap forward from the previous quarter, in which LinkedIn was used for only 8% of phishing messages, is remarkable, according to Check Point's monitoring. Following in the ranking of the most exploited names between the beginning of January and the end of March, Dhl (with a share of 14%), Google (7%), Microsoft (6%), FedEx (6%), WhatsApp (4%), Amazon (2%), Maersk (1%), AliExpress (0.8%) and Apple (0.8%).

Typically, in a brand phishing attack, message authors try to mimic the official website of a well-known brand, both with colors, structure and other graphic design elements of the site, and with domain names and URLs that resemble the original ones. . In most cases, the attack vector is e-mail, but the link can also be sent via SMS or chat messages. In other cases, the user is redirected while browsing the web, or the link is activated by a fraudulent mobile application. The fake website often contains a form designed to steal user credentials, payment details or personal data.

“These phishing attempts are simply opportunities for hackers,” commented Omer Dembinsky, data research group manager at Check Point. "Criminal groups organize these large-scale phishing attempts with the aim of getting as many people as possible to share their personal data. Some attacks will aim to steal personal information from individuals, as we are seeing with LinkedIn. Others will be attempts to distribute malware on corporate networks, such as the fake emails containing bogus transport documents that we are seeing with Maersk ”.