New Zealand LinkedIn users are being urged to keep an eye out for suspicious communications after a new report from a cybersecurity solutions company.
Check Point Software's Brand Phishing Report for the first quarter of 2022 found the Microsoft-owned business social network was most frequently imitated by cybercriminals in attempts to steal information and payment credentials.
It's the first the brand has topped of the list, attracting 52 percent of all phishing attacks globally, according to Check Point. That's a massive jump from the fifth place in the previous quarter, attracting just eight percent of attacks late last year.
Omer Dembinsky, data research group manager at Check Point Software, said the phishing attempts were "attacks of opportunity, plain and simple".
"Criminal groups orchestrate these phishing attempts on a grand scale, with a view to getting as many people to part with their personal data as possible," Dembinksy said.
"Some attacks will attempt to gain leverage over individuals or steal their information, such as those we’re seeing with LinkedIn.
"Others will be attempts to deploy malware on company networks, such as the fake emails containing spoof carrier documents that we’re seeing with the likes of Maersk."
DHL, Google, Amazon and Apple all appeared in the top 10, with Facebook dropping out.
"If there was ever any doubt that social media would become one of the most heavily targeted sectors by criminal groups, Q1 has laid those doubts to rest," Dembinsky said.
In a brand phishing attack, criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and web page design to the genuine site, Check Point said.
"The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application.
"The fake website often contains a form intended to steal users’ credentials, payment details or other personal information."
Dembinksy said the best defence against the phishing attacks was knowledge.
"Employees should be trained to spot suspicious anomalies such as misspelt domains, typos, incorrect dates and other details that can expose a malicious email or text message," he said.
Below are the top brands ranked by their overall appearance in brand phishing attempts:
- LinkedIn (relating to 52 percent of all phishing attacks globally)
- DHL (14 percent)
- Google (7 percent)
- Microsoft (6 percent)
- FedEx (6 percent)
- WhatsApp (4 percent)
- Amazon (2 percent)
- Maersk (1 percent)
- AliExpress (0.8 percent)
- Apple (0.8 percent)