A new study has shown a growing trend in which hackers are impersonating popular social networking sites in order to obtain users’ personal information or payment credentials via phishing attacks.
Check Point Research, the threat intelligence arm of Check Point Software Technologies and a cybersecurity solutions provider, highlighted the brands that were most frequently imitated by cybercriminals in its Brand Phishing Report for the first quarter of this year.
LinkedIn shot to the top for the first time, accounting for 52% of all phishing attempts globally in January, February and March.
This is a significant 44% jump from the previous quarter, when LinkedIn was ranked sixth and was associated with only 8% of phishing attempts.
The other most-imitated companies are DHL (14%), which ranked top in the last quarter, Google (7%), Microsoft and FedEx (both at 6% each), and WhatsApp (4%).WhatsApp remains in the top 10, the research says, and that the messaging application is responsible for nearly one in every twenty phishing-related attacks worldwide.
If there was any doubt that social media would become one of the most heavily targeted sectors by criminal groups, the first quarter has laid those doubts to rest, Check Point Research said, as social media has surpassed transportation companies and technology behemoths such as Google, Microsoft, and Apple as the most targeted category.
The firm stated that its findings are based on data obtained from Check Point ThreatCloud and its Cyber Threat Map, which analyses cyberattacks in real-time around the world.
“These phishing attempts are attacks of opportunity, plain and simple.
“Criminal groups orchestrate these phishing attempts on a grand scale, with a view to getting as many people to part with their personal data as possible,” said Omer Dembinsky, data research group manager at Check Point Software.
Typically, a hacker would attempt to steal user data by sending malicious emails using the brand’s name as the sender address, taking care to include elements such as the brand’s logo or colour scheme to make them appear authentic.
The report highlights an example where LinkedIn users were contacted via an official-looking email in an attempt to lure them to click on a malicious link.
Once there, users would be prompted to log in via a fake portal where their credentials would be harvested, the company said, adding that criminals will attempt to imitate the official website by using a similar domain and design.
In another example, a hacker used Maersk’s branding and a spoofed email address to make it appear as if it was sent from “Maersk Notification”.
The user was asked to download an Excel document that contained the Trojan known as Agent Tesla, a type of malware that is capable of granting access to a victim’s computer through a backdoor.
“Some attacks will attempt to gain leverage over individuals or steal their information, such as those we’re seeing with LinkedIn.
“Others will be attempts to deploy malware on company networks, such as the fake emails containing spoof carrier documents that we’re seeing with the likes of Maersk,” Dembinsky said.
The brands of shipping companies like DHL and Maersk, he said, are being abused by threat actors to target both companies and consumers due to the rising popularity of ecommerce, and it’s critical that staff be taught to be more alert when it comes to recognising phishing schemes.
“Employees in particular should be trained to spot suspicious anomalies such as misspelt domains, typos, incorrect dates and other details that can expose a malicious email or text message,” he said, urging LinkedIn users to be extra vigilant over the course of the next few months.