Beware! Job offer on LinkedIn could be a phishing attack

Job-seekers delighted to find employment on LinkedIn need to be on guard. A mail promising new opportunities could be a scam meant to steal the applicant’s money and personal data, says a Check Point Research (CPR) report.

Titled ‘Brand Phishing Report’, the Check Point Research report states that LinkedIn is now the most often imitated brand by cyber criminals for phishing.

More than half (52%) of phishing attempts online originated from LinkedIn between January and March this year. During the quarter October-December 2021, the professional networking site was placed fifth with only 8 per cent of phishing attempts.

LinkedIn leaves behind DHL, which is now second with 14% of all phishing attempts. Microsoft, Google, WhatsApp, FedEx, Amazon, Maersk, AliExpress and Apple are the other brands targeted for phishing.

Check Point Software data research group manager Omer Dembinsky says that Facebook has dropped out of the top 10 phishing sites, but LinkedIn’s ascent to the top proves that social media networks are still on the target of cyber criminals. Dembinsky said that targeting of LinkedIn seems like a part of the larger plan where cyber attackers leverage social networks instead of shipping majors like DHL and tech masters like Google and Microsoft.

Also read: ‘Box-office tsunami’: Trade in awe as KGF-2 ambushes record after record

“If there was ever any doubt that social media would become one of the most heavily targeted sectors by criminal groups, Q1 has laid those doubts to rest,” he says.

“LinkedIn users should be extra vigilant over the course of the next few months.”

Dembinsky said that such phishing attempts are “attacks of opportunity, plain and simple”. The group manager said that criminal groups orchestrate these phishing attempts on a grand scale to get as many people to part with their personal data as possible.

“Some attacks will attempt to gain leverage over individuals or steal their information, such as those we’re seeing with LinkedIn. Others will be attempts to deploy malware on company networks, such as the fake emails containing spoof carrier documents that we’re seeing with the likes of Maersk,” he added.

All about brand phishing attack

Criminals create fake websites imitating the official website of the brand. The link to the fake website is sent by email or SMS with a link asking the user to go to a web browser.

The fake website opens a form which asks the user to disclose like user credentials, payment details or other personal information with a clear intent to steal it.

How to protect from phishing attacks?

Dembinsky says the best defence against phishing threats is knowledge. “Employees should be trained to spot suspicious anomalies such as misspelt domains, typos, incorrect dates and other details that can expose a malicious email or text message,” he says.

Employees should also be cautious when it comes to urgent requests such as ‘change your password now’.

Top 10 targeted sites 

Below are the top brands ranked by their overall appearance in brand phishing attempts:

1. LinkedIn (relating to 52 per cent of all phishing attacks globally)

2. DHL (14 per cent)

3. Google (7 per cent)

4. Microsoft (6 per cent)

5. FedEx (6 per cent)

6. WhatsApp (4 per cent)

7. Amazon (2 per cent)

8. Maersk (1 per cent)

9. AliExpress (0.8 per cent)

10. Apple (0.8 per cent)