Social media network LinkedIn became, by far, the most impersonated brand in phishing attempts worldwide during the first quarter of 2022 (Q1’22), according to a new report.
In a brand phishing attack, cybercriminals try to imitate the official website of a well-known brand by using a similar domain name or URL and webpage design to the genuine site. The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application. The fake website often contains a form intended to steal users’ credentials, payment details, or other personal information.
The Q1 Brand Phishing Report was published by Check Point Research, the Threat Intelligence arm of Check Point—Software Technologies Ltd., and highlights the brands that were most frequently imitated by cybercriminals during January, February, and March.
A ‘Dramatic’ Shift
LinkedIn dominated the rankings for the first time ever, accounting for more than half (52%) of all phishing attempts during Q1’22. This represents a dramatic 44% uplift from the previous quarter, where the professional networking site was in fifth position accounting for only 8% of phishing attempts. LinkedIn overtook shipping company DHL as the most targeted brand, which is now in second position and accounted for 14% of all phishing attempts during Q1’22.
The latest report highlights an emerging trend toward threat actors leveraging social networks, now the No. 1-targeted category ahead of shipping companies and technology giants such as Google, Microsoft, and Apple. As well as LinkedIn being the most targeted brand by a considerable margin, WhatsApp maintained its position in the top 10, accounting for almost 1 in 20 phishing-related attacks worldwide. The report highlights a particular example where LinkedIn users are contacted via an official-looking email in an attempt to lure them to click on a malicious link. Once there, users would again be prompted to log-in via a fake portal where their credentials would be harvested.
Shipping is now the second-most-targeted category, with threat actors continuing to take advantage of the general rise in e-commerce by targeting consumers and shipping companies directly. DHL is second to LinkedIn, accounting for 14% of phishing attempts; FedEx has moved from seventh position to fifth, now accounting for 6% of all phishing attempts; and Maersk and AliExpress have entered the top 10 list for the first time. The report highlights one particular phishing strategy that used Maersk-branded emails to encourage the download of spoof transport documents, infecting workstations with malware.
According to the report, below are the top 10 phishing brands in Q1’22:
- LinkedIn (relating to 52% of all phishing attacks globally)
- DHL (14%)
- Google (7%)
- Microsoft (6%)
- FedEx (6%)
- WhatsApp (4%)
- Amazon (2%)
- Maersk (1%)
- AliExpress (0.8%)
- Apple (0.8%)
The Best Defense
“These phishing attempts are attacks of opportunity, plain and simple. Criminal groups orchestrate these phishing attempts on a grand scale, with a view to getting as many people to part with their personal data as possible,” said Omer Dembinsky, Data Research Group Manager at Check Point Software. “Some attacks will attempt to gain leverage over individuals or steal their information, such as those we’re seeing with LinkedIn. Others will be attempts to deploy malware on company networks.”
He continued, “If there was ever any doubt that social media would become one of the most heavily targeted sectors by criminal groups, Q1 has laid those doubts to rest. While Facebook has dropped out of the top 10 rankings, LinkedIn has soared to number one and has accounted for more than half of all phishing attempts so far this year.
“The best defense against phishing threats, as ever, is knowledge. Employees in particular should be trained to spot suspicious anomalies such as misspelled domains, typos, incorrect dates, and other details that can expose a malicious email or text message. LinkedIn users in particular should be extra vigilant over the course of the next few months.”