Social media network LinkedIn comes first
The security researchers from Check Point Research (CPR), the specialist department of Check Point Software Technologies, have published their Brand Phishing Report for the first quarter of 2022. The report highlights the brands that were most often imitated by cyber criminals in January, February and March to steal information or payment data.
Notably, the social media network LinkedIn leads the ranking for the first time and was imitated in more than half (52 percent) of all phishing attempts this quarter. This represents a dramatic increase of 44 percent compared to the previous quarter, when the professional network was in fifth place and served as a cover in only 8 percent of phishing attempts. LinkedIn overtook DHL as the most abused brand; DHL is now clearly in second place, accounting for 14 percent of all phishing attempts.
The latest report highlights the emerging trend of hackers taking advantage of social networks. Social networks are now the most imitated category, ahead of shipping companies and technology giants such as Google, Microsoft and Apple. In addition to LinkedIn, WhatsApp also continues to rank among the top ten and was imitated in almost one in 20 phishing attacks worldwide. The report highlights one particular example in which LinkedIn users are contacted via an official-looking email that tries to trick them into clicking on a malicious link. The link leads to a fake portal where users are asked to log in and their login details are intercepted.
Although the shipping sector has slipped to second place, cyber criminals continue to take advantage of the general increase in e-commerce, targeting consumers and shipping companies. DHL ranks second after LinkedIn with 14 percent of phishing attempts; FedEx has moved from seventh to fifth place and now accounts for 6 percent of all phishing attempts; Maersk and AliExpress are in the top ten for the first time. The report highlights one particular phishing strategy: emails carrying Maersk branding ask the recipient to download fake transport documents, which infect workstations with malware.
“These phishing attempts are simply random attacks. Criminal groups stage these phishing attempts on a large scale in order to outwit as many people as possible so that they reveal their personal data,” explains Omer Dembinsky, Data Research Group Manager at Check Point Software Technologies, “and some attacks are aimed at either influencing individuals or stealing their data, as we observe on LinkedIn. Other attacks attempt to inject malware into corporate networks, such as the emails with fake shipping documents that we observe regarding companies such as Maersk. Thus, if there was ever any doubt that social media would become one of the areas most attacked by criminal groups, the first quarter of 2022 has dispelled these doubts. While Facebook has dropped out of the top ten, LinkedIn has risen to number one and has been abused for more than half of all phishing attempts this year. Therefore, it should be said: the best defense against phishing threats is still the knowledge about them. Especially as employees, people should be trained to recognize suspicious anomalies, such as misspelled domains, typos, incorrect data, dubious senders and other details that can expose a malicious email or text message. LinkedIn users in particular should be particularly vigilant in the coming months.”
In a brand phishing attack, criminals try to imitate the official website of a well-known brand. They choose a domain name or URL similar to the genuine one and copy the design of the real page. The link to the fake site can be sent to the targets by email or text message, a user can be redirected to it while browsing the web, or a fraudulent mobile application can take them there. The fake website often contains a form designed to steal users’ login details, payment details or other personal information.
Top 10 Phishing Brands
- LinkedIn (52 percent worldwide)
- DHL (14 percent)
- Google (7 percent)
- Microsoft (6 percent)
- FedEx (6 percent)
- WhatsApp (4 percent)
- Amazon (2 percent)
- Maersk (1 percent)
- AliExpress (0.8 percent)
- Apple (0.8 percent)
As always, Check Point advises all users to be careful when sharing personal data and credentials with business applications or websites, and to think twice before opening email attachments or links, especially in emails that claim to come from LinkedIn or DHL, as these brands are currently the most likely to be misused as bait by scammers.