Security Awareness – Social Media Among Top Brands Impersonated in Phishing Attacks

Phishing attacks continue to be one of the one of the most common entry vectors for threat actors. Brand impersonation attacks, when adversaries attempt to mimic a website or domain of a well-known brand by using a similar domain name and webpage designed like the actual site, remain one of the most pernicious forms of phishing. A recent report from the IT company Check Point identifies the top brands criminals impersonated in brand phishing attacks in the first quarter of 2022. In the first quarter of this year, LinkedIn was linked to more than half (52 percent) of all phishing-related attacks globally, marking the first time the social media network has reached the top of rankings. Other top impersonated brands include DHL, Google, Microsoft, FedEx, WhatsApp, and Amazon.

The latest quarterly report underscores an emerging trend of threat actors leveraging social media networks to target and exploit victims. Additionally, the report features an example of a brand phishing attack where LinkedIn users are contacted via an official-looking email in an attempt to lure them to click on a malicious link. Once there, users are again prompted to log-in via a fake portal where their credentials are harvested. To defend against this activity, members are reminded to always be wary of messages that require urgent actions and ones that ask a user to click on a link or open an attachment. Users should reach out to the purported sender via another means of communication to confirm its authenticity. Read more at Check Point.