There has been an increase in LinkedIn phishing scams of late that attempt to trick professionals into installing malware, disclosing their login credentials, or providing sensitive information that can be used to create convincing spear phishing emails.
Watch Out for LinkedIn Phishing Attacks!
Many professionals rely on LinkedIn for getting new business and finding employment. The professional networking platform has proven to be incredibly popular and, being business-related, notifications from the platform are less likely to be turned off, as they often are with social media networks such as Facebook.
A notification from LinkedIn could be a prospective client, a potential job opportunity, or an opportunity to grow your network but LinkedIn notifications may not be what they seem.
Common LinkedIn Phishing Scams
LinkedIn phishing attacks can take many forms and are conducted to achieve a variety of objectives. One common denominator in LinkedIn phishing emails is the use of LinkedIn logos and color schemes to make it appear that the notifications are genuine.
One of the most common scams involves messages that appear to have been sent via the professional networking platform from an individual looking to do business with a company. The emails include buttons that appear at face value to direct a user to LinkedIn, yet the destination URL is different. The landing page displays the LinkedIn login box, which has been scraped from the genuine website. The scam aims to steal LinkedIn credentials, which can be used to hijack accounts and conduct scams on the user’s connections. These scams can be identified quite easily by checking the destination URL in the message before clicking. If a link is clicked, always check the URL in the address bar before attempting to log in to ensure you are on the genuine LinkedIn website.
There has been an uptick in another type of LinkedIn phishing scam of late. Standard LinkedIn email templates, such as information about the number of profile views a user has received and the number of searches they have appeared in are common. As with the previous scam, while the messages look genuine, the hyperlinks in the messages do not direct the user to the LinkedIn website, instead they direct them to URLs hosting phishing kits. The landing pages use a variety of ruses to get the user to disclose sensitive information. One common scam is an online survey that asks a series of questions to obtain information that can be used to create convincing spear phishing emails.
Protect your MSP clients with the newest zero-day threat protection and intelligence against anti-phishing, business email compromise and zero-day attacks with PhishTitan.
Free Demo
Scammers often create fake profiles in an attempt to trick platform users into thinking they are conversing with a genuine user. These profiles tend to be used in targeted attacks for cyberespionage purposes. These attacks often see the scammer engage in conversations with the targets to build trust, before tricking them into visiting a malicious website or opening an emailed document that installs malware. These scams can be more difficult to identify than the previous two scams, although there are clues that this is a scam. Always check the profile of any potential connection. Fake profiles often have incomplete or inconsistent information, suspiciously low numbers of connections, and odd connections given the individual’s claimed job. Even if the profile appears genuine, you should always be wary of any links or documents that are shared.
A Spam Filtering Solution Could be Your Savior!
Some of the scams are easy to identify, but many are very realistic and have convincing lures that can be difficult to distinguish from genuine emails. These scams fool many people into disclosing sensitive information or installing malware, even individuals who believe they are security-aware and would not be fooled by phishing scams. Vigilance is the key to identifying the scams but an advanced spam filtering solution will ensure that you are not troubled by these scam emails and phishing attempts.
Businesses that rely on the basic spam protections provided with the Microsoft 365 license should consider investing in a more advanced spam filtering solution, as many phishing emails bypass the Exchange Online Protection (EOP) mechanisms provided free with Microsoft 365 accounts. For greater protection, consider a spam filtering solution such as SpamTitan, which augments Microsoft 365 defenses and will better protect you against phishing attacks.
For more information about SpamTitan and how it can protect you and your employees from phishing attacks, botnets, viruses, malware, and ransomware attacks, give the TitanHQ team a call or sign up for the free trial and find out for yourself the different SpamTitan makes.