KnowBe4: Cybercriminals Setting LinkedIn Phishing Traps

LinkedIn increasingly is being used by cybercriminals to trick employees into clicking on phishing emails, according to KnowBe4‘s Q1 top-clicked phishing tests.

Phishing emails with subject lines personalized to employees’ personal interests are clicked on frequently — with LinkedIn messages being opened 50% of the time, making emails with LinkedIn in the subject line the most popular, according to KnowBe4. This is significant as many LinkedIn users, particularly those with business development responsibilities, have their accounts tied to their corporate email addresses, increasing corporate risk of a phishing attack, ransomware breach or other social engineering-related threat, it said.

Sara Valtin, KnowBe4’s vice president of channel, tells us the volume of LinkedIn messages has grown considerably since Q2, Q3 and Q4 of 2018 when this percentage was in the 35-39% range.

KnowBe4’s Sara Valtin

“What it does show is the focus on users trying to expand their relationships and keep it in the realm of what they think is more socially acceptable in a work-related environment, thinking they are ‘safe’ when they are not,” she said. “Facebook dropped slightly over Q4.”

KnowBe4’s examination of simulated phishing tests showed that half of users clicked on spoofed LinkedIn emails that included the following subject lines:

• Join my network
• Profile Views
• Add me to your network
• New InMail Message

In addition to sharing simulated phishing test results to identify social networks that tempt users, KnowBe4 has found that subject lines — both from simulated tests and ‘in-the-wild’ emails users receive and report — prey on what matters most to users. Subject lines that related to human resources and corporate policies, W-2 forms and Amazon ranked in the top 10 this quarter for both simulated tests and in-the-wild email subject lines.

“It is important to teach users how to recognize a spoofed email and have policies in place for social media whether it be at work or at home,” Valtin said. “Employees will often use social media like LinkedIn to expand their business conversations and need to learn how to do this responsibly. Security providers can make training and simulated phishing a part of their offerings, and run assessments or pen tests on their customers/potential customers to determine the weak areas to focus on. It also shows that an overall effort to change or improve culture is needed to help support their other efforts.”

Social media sites also are a hotbed for cybercriminal activity. According to recent research from Bromium, cybercriminals are earning at least $3.25 billion per year from social media-enabled cybercrime.

People often rely on what they think are trusted sources to protect their information, but fall victim to social media scams and end up offering up sensitive information, according to KnowBe4. They need to make the extra effort to protect themselves and be mindful of methods being used by the bad guys, it said.

“From the standpoint of a hacker, social media gives an all-access entry point into an organization because some social media accounts are tied to corporate email addresses,” said Stu Sjouwerman, KnowBe4‘s CEO. “I cannot stress enough that employees need to be hyper-vigilant about clicking on emails and links that come to their corporate email addresses. Clicking to view a new job posting or to identify who has viewed your LinkedIn profile could easily open the gates to bad actors who want to cause damage to the organization.”