LinkedIn 'most faked' brand in phishing attempts
A new report highlighting the brands most frequently imitated by cybercriminals has found that LinkedIn continues to hold the number one spot.
The Brand Phishing Report for Q2 2022 is published by Check Point Research (CPR), the threat intelligence arm of Check Point Software Technologies. The report shines a light on the brands most used by cybercriminals that attempt to steal individuals’ personal information and payment credentials.
LinkedIn continued its reign as the most imitated brand after entering the rankings for the first time in Q1. While its share has dropped slightly — down from 52% in Q1 to 45% of all phishing attempts in Q2 — the report’s authors suggest this is still a worrying trend that highlights the ongoing risks facing users of the trusted social media platform.
LinkedIn-based phishing campaigns imitated the style of communication of the professional social media platform with malicious emails using subjects like “You appeared in 8 searches this week”, “You have one new message” or “I’d like to do business with you via LinkedIn.” Although appearing to come from LinkedIn, they used an email address that was completely different to that of the brand.
Social networks generally continue to be the most imitated category, followed by technology which, this quarter, took over second place from shipping.
Microsoft came in second, making up 13% of all brand phishing attempts. This is more than double the amount in the previous quarter and a figure that edges DHL into third place with 12%. Some new brands entered the top 10 this quarter, including Adidas, Adobe and HSBC, although all were in low single digits. CPR says these brands will be followed closely by researchers in Q3 for any developments.
The increase in the use of Microsoft-related scams represents a danger to both individuals and organisations. Once account login details are obtained, criminals have access to all the applications behind it, such as Teams and SharePoint, as well as the obvious risk of compromise to Outlook email accounts.
Meanwhile, with a trend towards increased online shopping, it is not surprising that Q2 also saw shipping company DHL being faked in 12% of all phishing attacks. The report specifically references a tracking-related phishing scam, with the subject line “Incoming Shipment Notification” enticing the consumer to click on a malicious link.
“Phishing emails are a prominent tool in every hacker’s arsenal as they are fast to deploy and can target millions of users at relatively low cost,” said Omer Dembinsky, Data Research Group Manager at Check Point Software.
“They give cybercriminals the opportunity to leverage the reputation of trusted brands to give users a false sense of security that can be exploited to steal personal or commercial information for financial gain.
“The criminals will use any brand with sufficient reach and consumer trust. Hence, we see hackers expanding their activities with the first appearance of Adidas, Adobe and HSBC in the top 10. The hackers trade on our trust in these brands and that very human instinct for ‘the deal’. There’s a reason the hackers continue to use brand-based phishing: it works. So consumers need to act with caution and look out for telltale signs of the fake email, like poor grammar, spelling mistakes or strange domain names. If in doubt, head for the brand’s own website rather than clicking any links.”
A brand phishing attack not only takes advantage of our implicit trust in a familiar brand, adopting its brand imagery and often using a similar URL, it also plays on human emotions, like the fear of missing out on a discount. The sense of urgency this creates leads consumers to click in haste without first checking if the email is from the brand in question. This could lead to them inadvertently downloading malware or handing over precious personally identifiable information, which can give criminals access to their entire online world and lead to financial loss.
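The check described above, whether an email that names a brand really comes from that brand's domain, can be automated at a mail gateway or in a triage script. The following is an added example, not code from CPR or the report: the brand-to-domain map is an assumption (real brands send from several domains) and the sample messages are constructed, reusing subject lines quoted in this article.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: one sending domain per brand; extend with each brand's real sending domains.
BRAND_DOMAINS = {
    "linkedin": {"linkedin.com"},
    "microsoft": {"microsoft.com"},
    "dhl": {"dhl.com"},
}

def domain_allowed(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def brand_mismatches(raw_message):
    """Return brands named in the From display name or Subject whose
    domains do not match the domain of the actual From address."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    # Whole-word tokens, so "dhl" does not match inside an unrelated word.
    words = set(re.findall(r"[a-z0-9]+", f"{display} {msg.get('Subject', '')}".lower()))
    return sorted(
        brand for brand, allowed in BRAND_DOMAINS.items()
        if brand in words and not domain_allowed(domain, allowed)
    )

# Constructed sample messages (sender addresses are placeholders).
SPOOFED_LINKEDIN = ("From: LinkedIn <notify@mail.example.net>\n"
                    "Subject: You appeared in 8 searches this week\n\nbody\n")
GENUINE = ("From: LinkedIn <updates@linkedin.com>\n"
           "Subject: You have one new message\n\nbody\n")
LOOKALIKE = ("From: LinkedIn <info@linkedin.com.example.org>\n"
             "Subject: I'd like to do business with you via LinkedIn\n\nbody\n")
SPOOFED_DHL = ("From: DHL Express <track@parcel.example.com>\n"
               "Subject: Incoming Shipment Notification\n\nbody\n")

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED_LINKEDIN), ("genuine", GENUINE),
                      ("lookalike", LOOKALIKE), ("dhl", SPOOFED_DHL)]:
        print(name, brand_mismatches(raw))
```

This is a header heuristic only: the From address itself can be forged, so it complements SPF, DKIM and DMARC checks rather than replacing them.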
Top phishing brands in Q2 2022
Below are the top brands ranked by their overall appearance in brand phishing attempts:
- LinkedIn (45%)
- Microsoft (13%)
- DHL (12%)
- Amazon (9%)
- Apple (3%)
- Adidas (2%)
- Google (1%)
- Netflix (1%)
- Adobe (1%)
- HSBC (1%)