Security researchers over at Check Point (we recommend clicking on that link and checking out real-world examples of phishing emails) recorded a HUGE uptick in the number of cybersecurity attacks, specifically spoofed-brand phishing attacks. It's so huge that LinkedIn now accounts for 52% of all phishing attacks globally!
What is Phishing?
Phishing is essentially pretending to be someone else online in an attempt to get someone to divulge sensitive information. A commonly seen version of phishing is an attempt to get the victim to enter their login information into a fake login page, handing that information to the hacker on the other side.
According to the FBI, it remains by far the most common type of cyberattack, occurring twice as often as anything else hackers throw at people. Why is that? A big part of it is that the attack vector being exploited is entirely human error, which is one of the hardest areas for cybersecurity professionals to address. A system really is only as secure as the users who have access to it.
After gaining access to an account, hackers will then use your account (which would be trusted by your colleagues) to perform more effective phishing attacks, post links to dodgy websites with viruses, or send spyware directly to colleagues who trust your account.
Hackers using LinkedIn as their vehicle to push phishing attacks makes sense when you consider the potential rewards of gaining access to professional accounts. Being able to contact other high earners, like Directors or CEOs, from a trusted coworker's account can be highly lucrative. So understanding the "why" is easy, but what should you do?
What should you do?
BTT, like any good cybersecurity provider, offers staff training as a cybersecurity service. As stated above, phishing is the most common type of attack because it exploits vulnerabilities in people, not machines. Someone who knows how to respond to phishing threats won't fall victim to them.
If you need advice, get in touch!