According to cybersecurity group Egress, these types of attacks have been on the rise since the beginning of February.
Reports from the company show that criminals are using stylized HTML templates and display name spoofing in order to get victims to click on phishing links and add their credentials into a fraudulent webpage.
For example, LinkedIn may send you an email that reads “You appeared in 3 searches this week,” or “You have 2 new messages.” Cybercriminals are utilizing these same subject lines, the LinkedIn logo and brand colors in order to impersonate the company and send fake emails. They’re even using other popular organization’s names (like CVS and American Express) to make the emails appear legitimate.
The criminal’s fraudulent website will harvest log-in credentials if an individual puts their information into the site. A spokesperson for LinkedIn recommended that users go to their Help Center in order to learn more about identify phishing messages.
Egress stressed that since many people are in the process of switching jobs, they’re more likely to click on malicious links. Since users are used to seeing frequent emails from LinkedIn, they may not take the time to verify the mail as legitimate. Attacks are bypassing email security defenses, and organizations should examine what protections they have in place to mitigate risk.
The company also recommends hovering over links before clicking, and to be weary of hyperlink requests on mobile devices.
Sign up to our mailing list to receive more IT related educational information: