LinkedIn Phishing Scams Increase 232%

According to Egress, a cybersecurity firm, phishing scams impersonating LinkedIn have increased by 232% since February 1st. The firm released a report on cybercriminals masquerading as LinkedIn, spoofing email fields, and using fake HTML templates to deceive victims into clicking on links in Microsoft Outlook.

It is common to receive links from LinkedIn over email, instant message, or SMS. The job market has fluctuated in recent years, drawing attention towards job-seeking and networking platforms like LinkedIn. The networking platform has also gained attention from scammers, whether they are impersonating employers or simply sending victims malicious links that lead to credential-harvesting websites.

Job seekers have become accustomed to receiving emails from LinkedIn. Some of the most common subjects are “Your profile matches this job”, “You have 1 new message”, and “You appeared in 5 searches this week”. Cybercriminals are now using email addresses with spoofed LinkedIn display names to send emails with similar subject lines. These emails use the same stylized HTML templates, including LinkedIn icons, brand colors, and logos.

Source: egress.com

Within the email, the scammers use the names of other renowned organizations, such as CVS, Carepoint, and American Express, to make the emails appear more legitimate. When victims click the link within the email, it directs them to a credential-harvesting site designed to capture their LinkedIn credentials. The email footer often contains the same elements found in any of LinkedIn’s emails, including the global headquarters address, links to unsubscribe from notifications, and the support section.

Egress states that these emails are particularly worrisome, considering thousands of people are looking for a new job opportunity or even switching companies. This increases the probability that many will fall for the malicious links when they look like offers or opportunities.

With 810 million users across 200 countries, LinkedIn provides an extensive target pool for cybercriminals. Many of those users are accustomed to seeing daily emails from the job-seeking platform and may click on a malicious link without giving it a second thought. These phishing attacks can fool job seekers by making them believe their profile is being viewed by many recruiters and their work experience is relevant to those employers.

According to Egress, these phishing attacks are bypassing traditional email security measures to reach people’s inboxes. Organizations should examine their current anti-phishing defenses to ensure they have adequate controls in place to prevent spoofed emails. Users should be careful when opening any notification that asks them to click on a link, especially on smartphones. Hover over any hyperlink before clicking, but the best practice is to go directly to LinkedIn to check for any messages or updates.
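The two checks described above (a display name that says LinkedIn on an address from another domain, and links whose real target is not LinkedIn) can be automated in a mail filter. The following Python sketch is an added example, not code from the Egress report; the trusted-domain list is an assumption, and the sample messages are constructed with reserved example domains.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains accepted as genuine LinkedIn senders and link targets.
TRUSTED = ("linkedin.com", "lnkd.in")
BRAND = re.compile(r"linked\s*in", re.I)
HREF = re.compile(r"""href=["']([^"']+)["']""", re.I)

def is_trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_message(raw):
    """Return findings for a message whose display name claims to be LinkedIn."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    if not BRAND.search(display):
        return []
    findings = []
    sender_domain = addr.rpartition("@")[2]
    if not is_trusted(sender_domain):
        findings.append(f"display name {display!r} sent from {sender_domain}")
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        html = part.get_payload(decode=True).decode(charset, "replace")
        for url in HREF.findall(html):
            parts = urlparse(url)
            if parts.scheme in ("http", "https") and not is_trusted(parts.hostname):
                findings.append(f"link target outside LinkedIn: {parts.hostname}")
    return findings

# Constructed sample messages (reserved example domains, not real traffic).
SPOOFED = """\
From: "LinkedIn" <notify@mail.example.net>
Subject: You appeared in 5 searches this week
Content-Type: text/html; charset="utf-8"

<a href="https://login.example.org/signin">See who viewed you</a>
<a href="https://www.linkedin.com/help">Help</a>
"""
GENUINE_STYLE = SPOOFED.replace("notify@mail.example.net", "jobs-noreply@linkedin.com") \
    .replace("https://login.example.org/signin", "https://www.linkedin.com/jobs/")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine-style", GENUINE_STYLE)):
        print(name, check_message(raw))
```

The suffix match in `is_trusted` rejects lookalike hosts such as `linkedin.com.example.org`, which a plain substring test would accept.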
