IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

LinkedIn phishing attacks have surged 232% since start of February

Hackers are tricking users into clicking on fake LinkedIn alerts in an effort to steal login information

The LinkedIn logo displayed on a smartphone resting on a keyboard

Email phishing attacks that use the LinkedIn brand have increased by 232% since 1 February, 2022, research has revealed.

The attacks tend to use display name spoofing and stylised HTML templates to socially engineer victims into clicking on phishing links and then entering their credentials into fraudulent websites, according to cyber security firm Egress.

The emails use targeted subject lines associated with LinkedIn, including “You appeared in 4 searches this week” or “You have 1 new message”. The emails contain the LinkedIn logo and brand colours, as well as using other well-known organisation names, like American Express, to make the attacks more convincing.

When clicked, the phishing links send the victim to a website that harvests their LinkedIn log-in credentials, according to the research.

Current employment trends are making these kinds of attacks more convincing, with the research citing how “The Great Resignation” continues to dominate headlines as a record number of US citizens left their jobs in 2021 for new opportunities.

“It is likely these phishing attacks aim to capitalise on jobseekers (plus curious individuals) by flattering them into believing their profile is being viewed and their experience is relevant to household brands,” Egress stated in its report.

Although the display name is always LinkedIn and the emails follow a similar pattern, they are sent from different webmail addresses.

The security company said that it’s unknown whether these attacks are the work of one cyber criminal or a gang operating together. However, most targets are companies in North America and the UK, operating across a variety of industries.

Egress advised that individuals should take extreme caution when reading notification emails that request them to click on a hyperlink, especially on mobile devices. It recommends hovering over links before clicking on them to ensure they are going to a trusted source, and going directly to LinkedIn to check for messages and updates.

Last month, DHL overtook Microsoft as the most frequently mimicked brand for phishing attacks, accounting for 23% of all phishing attempts. Microsoft accounted for only 20% of all attempts, down from 29% the previous quarter. LinkedIn came fifth in the rankings, accounting for 8% of all phishing attempts.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Education and government most at risk from email threats
phishing

Education and government most at risk from email threats

26 Nov 2021
Attackers use CSS to fool anti-phishing systems
phishing

Attackers use CSS to fool anti-phishing systems

11 Nov 2021
X-rated phishing attacks just keep growing
phishing

X-rated phishing attacks just keep growing

4 Jun 2021

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Preparing for the 3G sunset
Network & Internet

Preparing for the 3G sunset

18 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022