LinkedIn most imitated brand for phishing attacks in Q2 2022, report

As more companies announce layoffs due to inflation, cybercriminals are imitating professional networking platforms such as Linkedin to target individuals with phishing campaigns to steal personal and work information. LinkedIn was the most imitated brand by cybercriminals for the second straight quarter of CY 2022 accounting for 45% of all brand phishing attempts, cybersecurity firm Check Point Research (CPR) said in its latest Brand Phishing Report, published Tuesday. 

In the first quarter, LinkedIn accounted for 52% of all brand phishing attacks, according to Check Point. 

In most LinkedIn-related phishing attacks, cybercriminals would send malicious emails to users with subject lines such as “You appeared in 8 searches this week” or “You have one new message," Check Point found.  Messages like these are common on LinkedIn and are likely to elicit a response from someone looking for a job or new connections. 

Social networks are usually the most imitated category followed by technology and shipping companies, according to Check Point.

Microsoft with a 13% share of all brand phishing attempts was the second most imitated brand during the quarter. Though its share of all attempts is much lower than LinkedIn, Check Point noted that brand impersonation involving Microsoft has doubled as compared to the previous quarter. Microsoft-related phishing surpassed DHL, which has now moved to the third spot with 12% of brand impersonation attempts. 

Researchers at Check Point warned that targeting in the name of companies such as Microsoft, which offer a wide range of products for work is a “danger to both individuals and organisations.”

To target Microsoft users, cyber criminals typically send an Outlook phishing email that takes them to a fraudulent Outlook webpage where they are asked to verify their account by entering their login credentials. Users who fall for the scam and enter their credentials end up handing over their account login details to cybercriminals. 

Adidas, Adobe, and HSBC are some of the brands that have entered the top ten list of most impersonated brands for the first time. Their share remained in single low digits, as per the Check Point report. 

“Phishing emails are a prominent tool in every hacker’s arsenal as they are fast to deploy and can target millions of users at relatively low cost,” Omer Dembinsky, data research group manager at Check Point said in a statement. 

Since most of these brands are trusted and have been getting a lot of traction due to the global job scenario, the likelihood of users clicking on the email sent in their name is also higher than usual. 

“The hackers trade on our trust in these brands. There’s a reason the hackers continue to use brand-based phishing. It works,” added Dembinsky.