The career-centered social media network LinkedIn is the latest victim of phishing efforts on the part of cybercriminals—demonstrating that no organization, no matter how big, is immune to such threats. The phishing attacks are tailored to what LinkedIn users are most likely to be interested in and seek to obtain valuable information from victims. What makes these attacks most concerning from a business perspective is that many LinkedIn users are logging in with their corporate email accounts. When the cybercriminals succeed in getting the information they want, they can gain access to the information of not just the immediate victim, but the organization they work for as well.
According to the Security Awareness Training company KnowBe4, a new wave of cybercrime is hitting the LinkedIn community to gain valuable corporate information. Cybercriminals are attempting to get employees to fall for phishing emails—emails that encourage recipients to click a link that leads to a request for confidential information.
The phishing emails are designed to appeal to the personal interests of the recipients, a common tactic with phishing attacks. The goal is to excite the recipient enough that they forget to be cautious. According to KnowBe4, the most popular type of phishing email is one that has LinkedIn in the subject line. Messages from LinkedIn are opened around 50% of the time, so it makes sense for the cybercriminals to use what is most likely to work. They know that around one in two users will open an email that appears to be from LinkedIn, so they tailor their phishing emails accordingly.
When a phishing attack succeeds against an average person, their personal information and financial information is at risk. But when a phishing attack succeeds against someone who has responsibilities at a business, and therefore security access to protected information of the business, it can lead to damage that harms the business and all of its employees. No one deserves to be the victim of a phishing attack, but there are individuals who, if compromised, can deliver information that will harm more than just one person.
It is predictable that the ones that cybercriminals want most to fall for their LinkedIn phishing attacks are those with higher security clearance in businesses. They know that they could strike a gold mine if they get the right person, with the right information, to fall for one of their phishing emails. That is why they are so devious in the way that they construct their traps. They look closely at the areas of interest of their targets to ensure that they have the highest chance of success.
Not just any phishing email will lead to a click from the reader. To get the desired result, cybercriminals must create the kind of emails that recipients are most likely to fall for. KnowBe4 actually conducted tests on LinkedIn to determine which types of emails recipients would click the most often. As mentioned earlier, the most successful phishing emails included LinkedIn in the subject line of the email. According to an article from ChannelFutures, once the recipient looked at the email, they were most likely to click on emails that had the following in the subject line:
It makes sense that these subjects would attract the most clicks. They all indicate an interest in the recipient, specifically the kind of interest that could lead to an excellent networking opportunity. A desired employer or contact might have looked at their profile or sent them a message. Even better, they might have requested that the recipient become part of their network, or that the recipient allow them to become part of their network. All four subjects target those who are using LinkedIn to further their careers, which explains why they were so successful.
For LinkedIn, the risk of phishing scams and cybercrime is and has always been present. As the company has grown, they have been well aware of the dangers that cybercrime poses to their business and their users. That is why, as with all other major social media platforms, LinkedIn has a dedicated team to identify cybercrime on their platform and to do what they can to fight it. However, there is a limit to what LinkedIn’s dedicated security team can accomplish on their own. Once a platform has millions of users, there will always be criminals who can slip through the cracks. LinkedIn will not be defeated by cybercriminals as a platform. However, the platform’s users do need to be aware of the risks they face.
For businesses, it is best to avoid relying on LinkedIn to keep them and their employees totally secure. Companies have to accept that from time to time, their employees will be targeted by cybercriminals. That is why employee awareness training is so necessary. Businesses must train employees to be aware of the risks of cybercrime, including phishing emails. If you are worried about your employees falling for a phishing scam, consider training them in the red flags of social engineering.
To learn more about cybercrime risks and how to avoid them, please contact our IT services team. We can help you protect your employees and your business.
Thanks for helping us upgrade our Macs and get them working exactly as our business needs! Fast, convenient and very knowledgeable! You’re the best!
Alary Technologies has been our IT support team for the past year at the START Clinic for Mood and Anxiety Disorders. They have done a excellent job in upgrading our system, organization, and supporting us in technical computer matters. Compared to other IT companies we have worked with, Alary Technologies comes on top. Ahmed Kufaishi the Managing Director at Alary Technologies is solution focused, knowledgeable and makes an effort to really understand his clients’ needs. It has been a pleasure to work with Ahmed and Alary Technologies. I would recommend their services to other companies and clinics.
“We continue to work with Alary Technologies due to the fact that they are quite educated and knowledge based with current upgrades, and their commitment to their customers.”
Ahmed has been providing our company with expert IT services for close to 3 years. He has guided us through hardware upgrades, server back up procedures and was instrumental in brokering a custom software program that fully automated some key functions in our business. Ahmed has always been thoroughly professional in all his dealings with us and has provided consistent and sound advise for all of our IT requirements. We consider Ahmed and Alary Technologies to be an important partner for our business.
It is refreshing to work with someone who can organize things and describe in plain language. I have a large and growing knowledge base for my work as an architect. I have realized that I can’t do everything, that I do need a team member who can look after this one relatively small by crucial part of my practice.