LinkedIn Impersonation in Phishing Attacks: A Growing Threat

Source: Vector choice - URS Preferred Partner

A recent report from Check Point Research revealed a startling statistic: LinkedIn, the Microsoft-owned business platform, is impersonated in nearly half of all phishing attacks globally.

Common Phishing Tactics on LinkedIn

  1. Phishing Emails: Scammers often target job seekers with emails that mimic LinkedIn notifications, such as "You have 1 new invitation" or "Your profile has been viewed by 63 people." While these messages can appear authentic, it's crucial to verify the sender's email address to ensure it's genuinely from LinkedIn. These fraudulent emails often contain links to fake LinkedIn pages designed to steal your personal information.

  2. Fake Profiles and Job Offers: Cybercriminals create fake LinkedIn profiles to message users about job opportunities. Once engaged, they may ask for a small payment to process the application or direct you to a phishing link disguised as a form to fill out.

LinkedIn's Security Features

LinkedIn is aware of these issues and is actively developing advanced security features to protect its users. Here are three key features already in place:

  1. Suspicious Message Warnings: LinkedIn's technology can detect potentially harmful messages, such as those attempting to take you off-platform or containing inappropriate content, and will send you a warning notification.

  2. Profile Verification: Users can verify their profile’s authenticity by submitting an additional form of ID. Verified profiles display a badge, helping others recognize legitimate accounts. This feature is valuable as scammers often use quickly created profiles that lack up-to-date information.

  3. Profile Information: Users can view detailed information about a profile to help determine its legitimacy. By clicking "More" and selecting "About this profile," you can see details such as:

    • When the profile was created

    • When it was last updated

    • Whether the member has verified a phone number

    • Whether the member has a work email associated with their account

  4. AI-Generated Profile Picture Detection: Scammers use AI to create realistic profile pictures for fake accounts. LinkedIn's research found that users often cannot distinguish real photos from AI-generated ones. To combat this, LinkedIn has partnered with academic institutions to develop and deploy advanced detection features that identify and remove AI-generated profile pictures before they cause harm.

Staying Secure on LinkedIn

LinkedIn is a valuable resource for finding jobs, employees, and clients, but security should always be a priority. While LinkedIn's features provide a strong first line of defense, it's essential to have robust internal security measures in place. If someone in your organization falls for a scam and clicks a malicious link, ensure that your internal security solutions can protect your network effectively.

Stay vigilant and leverage both LinkedIn’s security features and your internal safeguards to maintain a secure online environment.

To learn more Contact us