LinkedIn remains the most impersonated brand in phishing scams, followed by Microsoft and DHL

During the second quarter of this year, the professional network platform was exploited in almost half of the phishing attempts seen by Check Point Research.
26 July 2022

  • Besides LinkedIn, the most striking rise in technology household names being exploited was Microsoft, making up 13% of all brand phishing attempts.
  • Shipping and logistics firm DHL also edged into third place with 12% of all phishing scams.

After amassing the most phishing scams in the first three months of this year, LinkedIn once again tops the chart as the most impersonated brand for the second quarter of 2022. Check Point Research’s latest report shows that phishing emails imitating the job networking site continue to make up the bulk of all brand phishing attempts, although this share dropped between April and June this year.

Worrying trend for users

In the fourth quarter of 2021, LinkedIn-themed phishing attempts were just 8% of the total brand phishing attacks flagged by Check Point. That number grew significantly to 52% between January and March this year, causing LinkedIn to dominate the rankings for the first time ever. “In April, May, and June we observed that the social media platform LinkedIn continued its reign as the most imitated brand after entering the rankings for the first time in Q1,” Check Point said in a blog post.

While this share has dropped slightly, from 52% in Q1 to 45% of all phishing attempts in Q2, the cybersecurity firm said in commenting on the data that the trend remains worrying and highlights the ongoing risks facing users of the trusted social media platform. Since the start of this year, experts have put forward a theory that these phishing attacks on LinkedIn aim to capitalize on jobseekers amidst the Great Resignation, where individuals are always on the lookout for new and better opportunities.

An example of a malicious email, which was sent with the subject “[Action required] Final Reminder – Verify your OWA Account now” (Source – Check Point Research)

After all, cybercriminals have always been actively looking for new methods to exploit the vulnerabilities of jobseekers. “LinkedIn based phishing campaigns imitated the style of communication of the professional social media platform with malicious emails using subjects like: ‘You appeared in 8 searches this week’ or ‘You have one new message’ or ‘I’d like to do business with you via LinkedIn’. Although appearing to come from LinkedIn, they used an email address that was completely different to that of the brand,” Check Point said.
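The mismatch Check Point describes, a brand name in the sender's display name over an address on an unrelated domain, can be checked mechanically at the mail gateway or in triage. The following is an added example, not code from Check Point or the original article; the brand-to-domain allowlist and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: illustrative allowlist of brand -> legitimate sending domains.
BRAND_DOMAINS = {
    "linkedin": {"linkedin.com"},
    "microsoft": {"microsoft.com"},
    "dhl": {"dhl.com"},
}

def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def brand_mismatches(raw_email):
    """Return brands named in the From display name whose address
    is not on one of that brand's domains."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    return sorted(
        brand for brand, allowed in BRAND_DOMAINS.items()
        if brand in display.lower() and not domain_matches(domain, allowed)
    )

# Constructed sample messages (subjects quoted from the article,
# sender addresses invented for illustration).
SAMPLES = {
    "unrelated_domain": "From: LinkedIn <notify@mail-updates.example>\n"
                        "Subject: You appeared in 8 searches this week\n\nbody",
    "brand_subdomain": "From: LinkedIn <updates@e.linkedin.com>\n"
                       "Subject: You have one new message\n\nbody",
    # Brand domain used as a prefix of an attacker-controlled domain.
    "lookalike_prefix": 'From: "DHL Express" <track@dhl.com.parcel-status.example>\n'
                        "Subject: Incoming Shipment Notification\n\nbody",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, brand_mismatches(raw))
```

A clean result here only means the From header is consistent with the brand; the header itself can be forged, so this check complements SPF, DKIM and DMARC evaluation rather than replacing it.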

Fraudulent page attempting to dupe users into verifying LinkedIn account information (Source – Check Point Research)

Check Point Research also noted that, while social networks generally continue to be the most imitated category, the recent quarter saw technology taking over second place from shipping in the phishing leaderboard. Microsoft saw the most striking rise among tech household names, making up 13% of all brand phishing attempts, more than double the amount in the previous quarter, edging shipping and logistics firm DHL into third place with 12%.

“The increase in the use of Microsoft related scams is a danger to both individuals and organizations. Once someone has hold of your account login details, they have access to all the applications behind it, such as Teams and SharePoint, as well as the obvious risk of compromise to your Outlook email account,” Check Point said.

With the relentless trend toward online shopping, it is not surprising that Check Point’s research also saw shipping company DHL being faked in 12% of all phishing attacks. The report specifically references a tracking-related phishing scam, with the subject line “Incoming Shipment Notification”, enticing the consumer to click on a malicious link.

Moreover, the report noted that a brand phishing attack not only takes advantage of people’s implicit trust in a familiar brand, adopting its brand imagery and often using a similar URL, but also plays on human emotions, like the fear of missing out on a discount. “The sense of urgency this creates leads consumers to click in haste without first checking if the email is from the brand in question. This could lead to them inadvertently downloading malware or handing over precious personally identifiable information which can give criminals access to their entire online world and potential financial loss,” the cybersecurity firm said.

Interestingly, for the second quarter of this year, some new brands were spotted among the top 10 most imitated, including Adidas, Adobe and HSBC. Although all are in the low single digits, those brands, according to Check Point, will be followed closely by their researchers for the next quarter’s developments.