LinkedIn and Microsoft are the most impersonated brands in phishing attacks

LinkedIn was exploited in almost half of the phishing attempts seen by Check Point Research during the second quarter of 2022.

LinkedIn and Microsoft took top spots as the most exploited brands in phishing attacks last quarter, Check Point Research reported on Tuesday. For the quarter, LinkedIn was seen in 45% of all phishing attempts, while Microsoft appeared in 13% of them. Other brands that popped up included DHL in 12% of the attacks, Amazon in 9%, and Apple in 3%. Adidas, Google, Netflix, Adobe and HSBC rounded out the top ten.

LinkedIn’s share of phishing attempts dropped from 52% in the first quarter, but the job networking site was still the number one most exploited brand. To trick LinkedIn users, attackers imitate the style of the actual company with emails that use such subject lines as “You appeared in 8 searches this week” or “You have one new message” or “I’d like to do business with you via LinkedIn.” Though the messages seem to come from LinkedIn, they originate from different addresses used by the scammers.

As the second most spoofed brand, Microsoft was seen in more than double the number of phishing attempts from the first quarter of the year. Given the company’s popularity among consumers and organizations, these attacks pose a risk to a wide variety of people. Once a scammer steals your Microsoft account credentials, they can access all the associated products and services you use, including Outlook, Teams and SharePoint.

SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)

In one example analyzed by Check Point, a phishing email spoofing LinkedIn imitated the site’s branding with an email address claiming to be from LinkedIn Security. Using a subject line of “LinkedIn Notice!!!,” the message tried to convince the recipient to click on a link under the pretext of updating their LinkedIn account information. In actuality, the link led the victim to a malicious webpage that asked for their account credentials, which were then captured by the attackers (Figure A).

Figure A

Another phishing campaign spotted by Check Point tried to steal the user’s Outlook account details. Sent from an address named “Outlook OWA,” the message sported a subject line of “[Action Required] Final Reminder – Verify your OWA Account now.” Clicking on the link contained in the email redirected the user to a phony Outlook login page where their account credentials were then captured (Figure B).

Figure B

How to defend against phishing attempts

To protect yourself and your fellow employees from these types of phishing attacks, Check Point Software Field CISO Pete Nicoletti offers the following tips:

Think before you click on links or attachments in emails

Be wary of emails that claim to be from LinkedIn, Microsoft, Amazon or other popular companies, especially if they sport such subject lines as “Package Delivery Status” or “We owe you a credit.” Instead of responding to the message or clicking any links provided, log into the company’s real website with your account and directly check for refunds, shipping status and other updates.

Turn to multi-factor authentication

Enable MFA for all your important financial and shopping accounts as well as your email administration. Make sure you’re set up to receive text messages or email notifying you of password changes to any of your accounts.

Use strong passwords

Rely on a good password manager to keep your passwords organized. Use the password manager on your PC, phone and laptop so that your passwords are synced and available on any of your devices. Enter your email address at the Have I been pwned website to see if you’ve been caught in any data breaches.

Keep all your devices updated

Make sure your PC and phone are fully patched and updated. Use reliable antivirus software and regularly scan for malware and other threats.