Researchers at Egress have just issued findings that LinkedIn-themed phishing attacks are up 232% in February. Excerpt:
Since February 1st, 2022, we have recorded a 232% increase in email phishing attacks which are impersonating LinkedIn. These attacks use display name spoofing and stylized HTML templates to socially engineer victims into clicking on phishing links and then entering their credentials into fraudulent websites.
Hackers have been using social engineering to hack systems since the first hackers guessed at users’ passwords by finding out children’s, spouses’ and SOs’ names. The fact that the hackers are using phishing scams to obtain the identities of the 810 million LinkedIn users should surprise no one.
What is key here is to educate users to the fact that all forms of media are under attack – which of course, includes social media. In addition, enterprises must incorporate zero trust on the resources that users are attempting to achieve, given that the likelihood is always high that the user’s identity may be compromised from this or another type of identity attack. A key mitigation method should also be the use of identity triggers that alert relevant personnel on anomalous permission requests/changes and activities.
Email remains the primary means of electronic communication today; that’s why it remains a high-value cyber-attack vector for bad actors. And based on the abundance of readily available information such as legitimate email addresses and job roles, a bad actor can take a targeted approach. That might be, for example, sending a business email from a compromised identity to the transfer funds department, or even casting a wider net by sending emails to multiple departments. Currently, the burden is on the users and organizations to understand the type of [phishing] attacks stemming from such available information. That’s why it’s important to always raise awareness of the fact that an organization is being targeted, and ways to mitigate such attacks. Prevention still starts with good proper email etiquette.
It will be good for social media sites to further understand how their regular, ongoing communications – designed with good intent – are being used for phishing and look at ways to protect and educate their customers. Also, it’s important to look to see if bad actors are users of the organization’s sites and take appropriate measures.