Security News > 2022 > February > Massive LinkedIn Phishing, Bot Attacks Feed on the Job-Hungry
Just since Feb. 1, analysts have watched phishing email attacks impersonating LinkedIn surge 232 percent, attempting to trick job seekers into giving up their credentials.
The phishing emails themselves were convincing dupes, built in HTML templates with the LinkedIn logo, colors and icons, the report added.
"While the display name is always LinkedIn and the emails all follow a similar pattern, the phishing attacks are sent from different webmail addresses that have zero correlation with each other," the analysts added.
Last summer, a massive data-scraping attack against LinkedIn was discovered to have collected at least 1.2 billion user records that were later sold on underground forums.
"It boils down to the fact that LinkedIn has hundreds of millions of members - many of whom are very accustomed to seeing frequent legitimate emails from LinkedIn - and may inevitably click without carefully checking that each and every email is the real deal."
"Given these emails are coming from a legit LinkedIn email address makes it especially difficult to identify the danger. My rule is to never click on email links. Always visit the site directly."
News URL
https://threatpost.com/massive-linkedin-phishing-bot-attacks-hungry-job-seekers/178476/
Related news
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)