Phishing: a growing cyber security threat to all organisations
Today phishing is behind a quarter of all data breaches, and whether an attack results in immediate financial losses or deeper penetration of the corporate network, phishing represents a growing threat to all organisations.
In a typical phishing attack, cyber criminals impersonate legitimate email senders to get recipients to click on malicious links. A form of social engineering, phishing uses a spoofed or fake message designed to trick a person into revealing sensitive information to the attacker, or into giving the cybercriminal the foothold needed to deploy malicious software such as ransomware on the victim’s infrastructure.
Today phishing attacks have become increasingly sophisticated and email phishing can take many forms, from mass-mailings with links to malware-infested websites to sophisticated whale-phishing attacks that personally target senior executives. The common feature of all such attacks is that they impersonate a person or a brand in an attempt to convince the recipient to take an action—typically, clicking on a harmful link.
Egress reported a 232% increase in LinkedIn phishing attacks
A good example of how phishing attacks are escalating is a report from our partner Egress, who recorded a huge increase (232%) in email phishing attacks impersonating LinkedIn since February 2022. These attacks use tactics such as spoofing and HTML templates to socially engineer victims into clicking on phishing links and then entering their credentials into fraudulent websites.
The phishing emails are sent from a variety of webmail accounts, each with its display name set to ‘LinkedIn’. They also use targeted subject lines commonly associated with LinkedIn, such as job profiles or claims that the targeted individual has appeared in a number of searches. Additionally, within the body of the email, the cybercriminal uses other ways to fool individuals and make the attacks more convincing, such as using well-known household brand names.
Once the individual clicks on the phishing link, it sends the victim to a website that harvests their LinkedIn login credentials. It is easy to be fooled by these approaches because elements of the attack often look legitimate: for example, company addresses and other brand credentials often appear in the footers of such emails.
The emails below demonstrate the variety of HTML templates and subject lines used in the attacks. You can also see the LinkedIn display name spoofing, which is designed to hide the webmail accounts used to launch the attacks.
Phishing attacks target job seekers
One tactic that appears more common than others right now is for these phishing attacks to target job seekers. Post-pandemic employment trends mean that many employees are looking for alternative roles, and there is a lot of movement in the labour market. This has resulted in an increase in job listings, job vacancies and other job services, and a general increase in job searches via LinkedIn. Those who are actively seeking new roles are therefore more easily convinced by such approaches on LinkedIn and more likely to click on spoofed links.
Why LinkedIn is being targeted
The Egress research covered companies in both North America and the UK, and highlighted that targets varied enormously, with individuals operating in many different industries. LinkedIn has over 810 million members in more than 200 countries, which provides an extensive pool of victims for cybercriminals. Many professionals choose to include their corporate email address in their profile, and many regularly receive communications from LinkedIn, so they are more likely to trust a phishing email that appears to come from it.
In most cases, the cybercriminals involved use a legitimate LinkedIn email as their starting point for these attacks. They often have branded elements, including the LinkedIn logo, to make the phishes more convincing. The attacks are bypassing traditional email security defences to be delivered into people’s inboxes. Without technology deployed within the mailbox to help them detect attacks, it can be difficult for individuals to avoid falling victim.
AI-powered anti-phishing solutions
Phishing emails are getting harder to spot, and some will still get past even the most observant users. Additionally, there is a limit to what organisations can expect users to do. Here at Northdoor, we advise companies to examine their current anti-phishing security stack to ensure they have intelligent controls deployed directly into people’s mailboxes in order to combat such attacks. Likewise, we advise users and individuals to act with extreme caution when reading notification emails that request them to click on a hyperlink, particularly on mobile devices.
We always recommend hovering over links before clicking on them and going directly to LinkedIn to check for messages and updates. Additionally, our Northdoor next-generation phishing protection is AI-powered and intelligently adapts to the evolving threats and enhances protection while reducing the strain on IT staff and users.
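Two of the tricks this post describes, a ‘LinkedIn’ display name on a webmail sender (see the section on the Egress findings) and a link whose visible text differs from where it really points (the reason we recommend hovering before clicking), can be flagged mechanically. The following is an added example, not Northdoor’s or Egress’s code; it assumes linkedin.com is the only genuine domain, uses a simplified anchor regex rather than a full HTML parser, and runs against a constructed sample message.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "linkedin"                 # brand the post describes being impersonated
LEGIT_DOMAINS = {"linkedin.com"}   # assumption: the only domain treated as genuine

# Constructed sample (not a real message): "LinkedIn" display name on a webmail
# sender, and a link whose visible text shows linkedin.com but whose href does not.
SAMPLE_EMAIL = """\
From: LinkedIn <linkedin.notifications@webmail.example.com>
To: jane@corp.example.com
Subject: You appeared in 7 searches this week
Content-Type: text/html

<html><body><p>Someone viewed your profile.</p>
<a href="https://login.example.net/linkedin">https://www.linkedin.com/in/jane</a>
<a href="https://www.linkedin.com/help">Help</a></body></html>
"""

# Simplified anchor extraction; a production filter would use a real HTML parser.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def registered_domain(host):
    """Crude registrable domain: last two labels (no public-suffix list)."""
    return ".".join((host or "").lower().split(".")[-2:])

def analyse(raw):
    """Return findings for the two tricks the post describes: a brand display name on
    a non-brand sender, and link text whose domain differs from the real href."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(msg["From"])
    sender = registered_domain(addr.rpartition("@")[2])
    if BRAND in name.lower() and sender not in LEGIT_DOMAINS:
        findings.append(f"display-name spoofing: '{name}' sent from {sender}")
    body = msg.get_body(preferencelist=("html",))
    for href, text in ANCHOR.findall(body.get_content() if body else ""):
        text = re.sub(r"<[^>]+>", "", text).strip()   # drop nested tags such as <b>
        target = registered_domain(urlparse(href).hostname)
        if text.lower().startswith("http"):
            shown = registered_domain(urlparse(text).hostname)
            if shown != target:
                findings.append(f"link text shows {shown} but points to {target}")
    return findings
```

Running `analyse(SAMPLE_EMAIL)` yields two findings: the spoofed display name and the mismatched link; a genuine notification with matching sender and link domains yields none.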
It is likely that phishing will continue to grow as a trend in 2022 and spotting a phishing email is becoming increasingly difficult for even the most careful users. Therefore, having an intelligent ‘learning’ tool is essential in order to protect businesses against these types of attacks.
Going forward, we advise all individuals to be careful when clicking on any LinkedIn links and to stop and ask a few questions before you click, such as:
- Is the design and quality what you’d expect?
- Does the email contain a veiled threat that asks you to act urgently? Be suspicious of phrases like ‘send these details within 24 hours’ or ‘click here immediately’.
- Is the email addressed to you by name, or does it refer to ‘valued customer’, or ‘friend’ or ‘colleague’?
These are all signs that this approach could be part of a phishing scam. And finally remember that if it sounds too good to be true, it probably is.