If you have an account on LinkedIn be aware that has become one of the most popular sites for cyber criminals in phishing attacks.
According to research analysis over half of all phishing attacks (52%) in the first three months of this year attempted to exploit LinkedIn accounts.
- The phishing emails are designed to look like they come from LinkedIn, but if the recipient clicks the link, they're sent to a login page that is mocked up to mimic LinkedIn.
- If a user enters their email address and password, they'll be handing them to the attacker, who can use that information to log in to the victim's LinkedIn account.
The attacks aren't particularly sophisticated. But by targeting a commonly used service like LinkedIn, there's a higher chance that some of phishing mail recipients won't spot that the email is actually an attack.
While LinkedIn was the most commonly spoofed brand for phishing attacks during the first three months of this year is that cyber criminals are attempting to exploits other brands in attacks. These include DHL, Google, Microsoft, FedEx, WhatsApp, Amazon and Apple.
- Some of the warning signs that an email might be an attempted phishing attack can include the message containing bad spelling, grammar, and a message that isn't addressed to you personally, or a message claiming to be urgent that needs to be acted upon immediately. Messages asking you to download an attachment to install a software update should also be treated with caution.
- A common tactic used in phishing emails is to tell users that their account has been hacked. If you are worried that an email with a cybersecurity warning that says you need to change your password might be legitimate, the best course of action is to avoid the URL in the email and visit the website directly. If there really is an issue, the website will tell you and you can take the necessary action.
Given that LinkedIn is firmly in the sights of cyber criminals LinkedIn users need to take particular caution.
LinkedIn provides users with the option to use multi-factor authentication. If you use it can provide an extra barrier against phishing attacks, while generally strengthening the security on your account.