According to the report Brand Phishing Report of the first quarter of 2022 of the cybersecurity company, Check Point Research (CPR), for the first time LinkedIn is the brand most supplanted by cybercriminals, followed by DHL Y Google.
From having registered 8% of social engineering attacks, it became the protagonist with the 52% of attempts phishing, a type of attack in which cybercriminals impersonate the identity of the page to steal personal information or payment credentials.
In just three months, it saw a 44% increase from the previous period, when LinkedIn ranked fifth for phishing attempts. According to specialists, it has even surpassed DHL as the most affectedwhich now ranks second and accounts for 14% of all phishing attempts in the first few months of the year.
how they attack
The report notes that cyber hackers contact users of LinkedIn through an email that looks identical to those of the company to entice them to click on a malicious link. Once the victim enters the site, which also appears to be the official one, he asks to log in, but he keeps the password and username.
Once passwords are obtained, cybercriminals can take control of the account to send spam, commit fraud, or execute any other hacking tactic. social engineering.
What other sites or companies are affected
Records indicate that the Social networks are the main target of cybercriminalseven ahead of transportation companies and tech giants like Google, Microsoft and Apple.
Among them, as mentioned above, LinkedIn turned out to be the most affected of all. WhatsApp is also in the top ten, accounting for nearly 1 in 20 phishing-related attacks worldwide. Facebook, for its part, this year left the list of the most attacked social networks.
Followed by social platforms, the transport sector is the category most attacked by cyber hackers. In this case, they have taken advantage of the rise of e-commerce to target consumers and courier companies directly.
DHL ranks second with 14% of phishing attempts; FedEx has moved from seventh to fifth position, now accounting for 6% of all cases; and Maersk and AliExpress debut in the top ten list. As a whole, the positions occupied by the ten most affected companies are as follows:
1. LinkedIn (related to 52% of all phishing attacks globally)
3. Google (7%)
4. Microsoft (6%)
5. FedEx (6%)
6. WhatsApp (4%)
8. Maersk (1%)
9. AliExpress (0.8%)
10. Apple (0.8%)
The report highlights the phishing strategy that used Maersk-branded emails to encourage the download of purported documents of transit, infecting the computers of its victims with malware. In addition to infection, cybercriminals are also involved in other actions such as credential theft.
“The best defense against these threats, as always, is knowledge. Employees, in particular, should be trained to detect suspicious anomalies such as misspelled domains, typos, incorrect dates, and other details that can expose a fake email or text message. LinkedIn users, in particular, should be very vigilant in the coming months,” said Ivonne Pedraza, CPS Territory Manager.