Security News > 2022 > July > LinkedIn remains the most impersonated brand in phishing attacks
LinkedIn is holding the top spot for the most impersonated brand in phishing campaigns observed during the second quarter of 2022.
Compared to the first quarter of the year, LinkedIn impersonation dropped from 52% to 45%. However, it maintains a considerable distance from the second most imitated brand by fraudsters, Microsoft, currently at 13%. The central theme in spoofed Microsoft emails is requests to verify Outlook accounts to steal usernames and passwords.
As Check Point explains in its report, phishing campaigns using fake LinkedIn emails try to mimic common messages from the platform to its users, such as "You appeared in 8 searchers this week", or "You have one new message."
Some lures used in these campaigns include fake promotions for the LinkedIn Pro service, bogus policy updates, or even threats of account termination for "Unverified customers."
They all lead to a phishing web page where the victims are asked to enter their LinkedIn credentials, enabling the threat actors to take over the accounts.
With access to a LinkedIn account, a threat actor could deploy targeted phishing campaigns to reach the victim's coworkers or valuable individuals in their connections network.
News URL
Related news
- New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S. (source)
- Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (source)
- Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (source)
- TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (source)
- FBI warns of massive wave of road toll SMS phishing attacks (source)
- FIN7 targets American automaker’s IT staff in phishing attacks (source)
- AI set to play key role in future phishing attacks (source)
- LA County Health Services: Patients' data exposed in phishing attack (source)
- LA County Health Services: Patients' data exposed in phishing attack (source)
- AI-driven phishing attacks deceive even the most aware users (source)