LinkedIn has become synonymous with networking, career development, and job hunting. Now it looks like we can add another entry to that list: phishing attacks! A new report suggests that LinkedIn was the most popular site for phishing attempts in the first quarter of 2022. But why are cybercriminals using LinkedIn? And how can you protect yourself?
According to a report by Check Point Research, 52% of all phishing attempts in the first three months of 2022 involved the networking and social media site LinkedIn.
This is the first time it’s topped the list, thanks to a staggering increase of 44 percentage points, up from just 8% in the previous quarter. In a distant second place is DHL, the courier service, which accounted for 14% of attacks during the same period.
Understandably, many LinkedIn users may be wondering why this sudden change has occurred and how they can protect themselves.
So what is phishing, anyway? These types of attacks can occur across multiple websites, apps, and devices, and there are many variants. However, they’re all classed as social engineering attacks and involve taking on a false identity to try and extract information or spread malware.
A classic phishing email, for example, will be made to look as though it comes from an official, trustworthy source. The criminals sending it might pretend to be a bank or an online payments service and will ask the receiver to give them some information (password details, PIN codes, etc.) or to click a link.
The message may also urge a victim to click the link to claim a prize or to reset their password. When they do, they might download malware or end up exposing private information.
While emails, texts, and phone calls can all be used for phishing attacks, social media is growing in popularity as a medium for hackers. If cybercriminals can access someone’s account, they can easily trick their friends and contacts into clicking on message links and downloading dangerous files.
But as we’ve already mentioned, many phishing scams rely on creating a sense of authority and trustworthiness, which can cause potential victims to lower their guard. This may be why LinkedIn is such a good platform for phishing.
LinkedIn is all about creating a sense of professionalism; it’s aimed at businesses and employees, and it’s not unusual to receive messages from people you don’t know on the site. Hiring managers and potential employers regularly contact people they don’t personally know, and it’s relatively easy to create the impression of a genuine LinkedIn profile.
It’s almost more of a surprise that hackers haven’t taken advantage of LinkedIn sooner. However, because they’ve focused their efforts elsewhere, the site may not have as rigorous and effective an anti-spam system as other social media services.
LinkedIn clearly needs to respond to this trend to protect users and the brand’s reputation. Their spam filtering systems need to be improved dramatically, preventing phishing messages from reaching targets or marking suspicious messages as high-risk.
An extreme option might be to remove the ability to add links into messages or to restrict this feature to accounts that have passed a higher standard of verification.
Speaking of which, verification processes should also be strengthened, since at the moment it’s very easy to set up a free account and start connecting with people even if you’re not who you say you are.
Completely removing the threat of phishing attacks is effectively impossible, but unless LinkedIn wants to find itself in first place again this quarter, it needs to offer a robust response and at least begin limiting the impact of cyber threats on the site.
On an individual level, users on LinkedIn have two choices. If you feel that the site is now too risky, you can delete your LinkedIn account completely. Alternatively, if you want to keep using it, you can take some steps to lower the risks of these attacks.