Security News

LinkedIn and Microsoft are the most impersonated brands in phishing attacks. LinkedIn and Microsoft took top spots as the most exploited brands in phishing attacks last quarter, Check Point Research reported on Tuesday.

LinkedIn was the most exploited brand in phishing attacks last quarter. A report released Tuesday by cyber threat intelligence provider Check Point Research notes LinkedIn as the brand most seen in the latest phishing campaigns.

Security researchers are warning that LinkedIn has become the most spoofed brand in phishing attacks, accounting for 52% of all such incidents at a global level. The data comes cybersecurity company Check Point, who recorded a dramatic uptick in LinkedIn brand abuse in phishing incidents in the first quarter of this year.

Just since Feb. 1, analysts have watched phishing email attacks impersonating LinkedIn surge 232 percent, attempting to trick job seekers into giving up their credentials. The phishing emails themselves were convincing dupes, built in HTML templates with the LinkedIn logo, colors and icons, the report added.

Learn how to detect phishing on LinkedIn and protect yourself from it. Abusing LinkedIn is one of those techniques that is very effective because a lot of professionals use and depend on LinkedIn for their activities or work relationships.

"Anyone can post a job under a company's LinkedIn account and it appears exactly the same as a job advertised by a company." If Google's LinkedIn company page is vulnerable, we will be able to post a job on their behalf and add some parameters to redirect applicants to a new website where we can harvest and what not usual tricks of social engineering," Singh further told BleepingComputer.

EXCLUSIVE: Anyone can create a job listing on the leading recruitment platform LinkedIn on behalf of any employer-no verification needed. "Anyone can post a job under a company's LinkedIn account and it appears exactly the same as a job advertised by a company."

Threat actors used a Safari zero-day flaw to send malicious links to government officials in Western Europe via LinkedIn before researchers from Google discovered and reported the vulnerability. TAG researchers discovered the Safari WebKit flaw, tracked as CVE-​2021-1879, on March 19.

Google security researchers shared more information on four security vulnerabilities, also known as zero-days, unknown before they discovered them being exploited in the wild earlier this year. The four security flaws were found by Google Threat Analysis Group and Google Project Zero researchers after spotting exploits abusing zero-day in Google Chrome, Internet Explorer, and WebKit, the engine used by Apple's Safari web browser.

A data set including information from 600 million LinkedIn users showed up for sale on a hacker forum this week. That's the third time in four months that scraped data from the networking site has been offered up for sale, according to a report from CyberNews.