Not content with trying to access our personal and confidential data through phishing emails and scam phone calls, hackers and cyber criminals are now targeting our personal LinkedIn accounts. This is an issue because LinkedIn is well known to be the largest professional networking website, boasting over 750 million users worldwide. Whilst this is a plus for business, it is also a massive target for hackers. Read on to learn more about why cyber criminals are targeting LinkedIn accounts and how you might be able to spot a phishing attack.

Why are cyber criminals targeting LinkedIn accounts?

Cyber criminals are targeting LinkedIn accounts because of the wide range of data available to them and the network’s reputation. The platform has a reputation for being secure for businesses and professionals. If your employees have not completed cyber security training or similar, phishing emails via LinkedIn can appear legitimate. Criminals use LinkedIn emails to try and catch you out because the platform is reputable. It is a similar motive to using HMRC to get individuals to click on links. You always hear of employees accidentally transferring money or giving access to confidential data through HMRC emails, but it was rare for someone to be hacked via LinkedIn. Until now…

Who is the most likely to be targeted?

The individuals most likely to be targeted by cyber criminals are new employees, and hackers understand this. For example, it was noted in the Bulletproof Annual Cyber Security Industry Report 2022 that phishing emails often target new hires and employees.

They work cleverly to lull a new hire into a false sense of security. A new hire is usually keen to impress. So, if they receive an email from a higher ranking or higher-level figure, there is a likelihood that the individual will obey an order due to who the demand comes from. However, the LinkedIn messenger or email sender may not always be who they claim to be. This is when cyber security becomes more important.

How does a LinkedIn phishing email work?

The research suggests that LinkedIn phishing emails are designed to look like they come from the social media platform itself. They will usually contain a link to click. Once the recipient clicks, they are led to another page that looks exactly like the actual social media site. However, by the time they have entered their details to log back into what looks like their LinkedIn profile, the hackers have the data they need. They now have the individual’s data and password. They can now log into private LinkedIn accounts using usernames and passwords.

What is interesting to note is that these attacks and methods are not particularly advanced and sophisticated. However, because it is an often-used social media platform, the supposed victim might not even be aware that they have been hacked.


Are these phishing attacks easy to spot?

So, we’ve mentioned what these phishing attacks may look like. But how easy are they to spot and subsequently stop? The same hallmarks of a phishing attack will still be there as if it were a tax scam attempt from someone posing as HMRC. In Q1 of 2022, LinkedIn-related phishing emails were at the top of the list of most clicked-on social media emails. This is when hackers have attempted to present themselves as an authority figure of a business and obtain data through LinkedIn.

The key would be to look out for obvious spelling mistakes and poorly written emails. Although these may not necessarily be phishing attacks, these errors should make you think a bit more clearly. But, of course, you can always sit back and think. Would this person send me this request? If you are ever in doubt, always reach out to them or someone on their team and ask if this is legitimate. It is better to check than to risk it. Once you have clicked on that link, you can’t undo it.


The stats and psychology behind the LinkedIn Phishing Scams

As mentioned earlier, LinkedIn-related phishing emails are the most likely to be clicked on by recipients. As a result, they will still be prevalent in 2022, well ahead of other social media-related scams involving imposters on Facebook and Twitter.

Hackers have adopted the white coat approach when ordering someone to ring them on a specific number or click on a link. The psychology behind it is that it is a natural human response always to obey the order of someone with a higher authority status. By making an order, the ‘imposter CEO’, for example, creates a sense of urgency and maybe panic in an individual. They are, therefore, likely to click on the link ASAP to get it sorted. With LinkedIn being a highly reputable business platform, the stats reiterate that this is the most common way an employee gets caught out compared to other social media platforms.

Contact us to see how we can help

You can always contact the team at Neuways so that we can help you with your needs and requirements. For example, if it helps with shoring up your business cyber security, we can assist. Or, if you want to know more about phishing attacks and what training Neuways provides, give us a call on 01283 753 344 or send us an email at hello@neuways.com