Egress, a cybersecurity firm, reports a rise in phishing attacks imitating LinkedIn emails; since February, such attacks have increased 232%.

The company stated in a report that cybercriminals are using display name spoofing and stylised HTML templates to trick victims into clicking on phishing links in Outlook 365 and providing their credentials on fake websites.

Many people are used to receiving emails from LinkedIn stating, “You appeared in 4 searches this week,” “You have 1 new message,” and “Your profile matches this job.”

But cybercriminals are putting the LinkedIn display name on webmail addresses to send sham emails with the same subject lines.

“The emails use multiple stylised HTML templates, including the LinkedIn logo, brand colours and icons. Within the body of the email, the cybercriminal uses other well-known organisations’ names (including American Express and CVS Carepoint) to make the attacks more convincing,” Egress explained. 

“When clicked, the phishing links send the victim to a website that harvests their LinkedIn log-in credentials. The footer features elements from LinkedIn’s genuine email footer, including their global HQ address, hyperlinks to unsubscribe and to their support section, and the recipient’s information.”
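One defender-side check for the two tells described above (a brand name in the From display name that does not match the sending domain, and links in the HTML body that lead off the brand's own domain), written as an added example that is not code from the article or from Egress; the legitimate-domain list and the sample message are constructed assumptions:

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed list of domains the impersonated brand legitimately uses (not from the article).
BRAND = "linkedin"
LEGIT_DOMAINS = ("linkedin.com",)

def is_brand_domain(host):
    """True if host is one of the brand's domains or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # collect every href target of an <a> tag
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def check_message(raw):
    """Return findings for a raw message: display-name spoofing and off-brand links."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2]
    if BRAND in name.lower() and not is_brand_domain(domain):
        findings.append(f"display-name spoof: '{name}' sent from {domain}")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = LinkCollector()
        parser.feed(body.get_content())
        for href in parser.hrefs:
            host = urlparse(href).hostname
            if host and not is_brand_domain(host):
                findings.append(f"off-brand link: {href}")
    return findings

# Constructed sample imitating the lure described in the article (not a real message).
SAMPLE = """From: LinkedIn <notifications@webmail.example>
Subject: You appeared in 4 searches this week
Content-Type: text/html; charset="utf-8"

<html><body><p>You appeared in 4 searches this week.</p>
<a href="https://login.phish.example/linkedin">See who viewed your profile</a>
<a href="https://www.linkedin.com/help">Help</a></body></html>
"""
```

Running `check_message(SAMPLE)` flags both the spoofed display name and the credential-harvesting link, while the genuine help link on linkedin.com passes.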

The emails are alarming, especially at a time when many people are looking for new jobs and have become susceptible to clicking on links that look like LinkedIn messages.

Yehuda Rosen, a senior software engineer at nVisium, added that LinkedIn has hundreds of millions of users and many of them are used to receiving legitimate emails from LinkedIn. They may inevitably click without carefully checking that each and every email is real.

“The attacks we have seen are bypassing traditional email security defenses to be delivered into people’s inboxes. We advise organizations to examine their current anti-phishing security stack to ensure they have intelligent controls deployed directly into people’s mailboxes,” Egress said.

“Individuals should take extreme caution when reading notification emails that request them to click on a hyperlink, particularly on mobile devices. We recommend hovering over links before clicking on them and going directly to LinkedIn to check for messages and updates.”