LinkedIn Brand - Most Abused in Phishing Attempts

by Dark Reading Staff; April 20, 2022; DarkReading.com

New research shows threat actors increasingly leveraging social networks for attacks, with LinkedIn being used in 52% of global phishing attacks.

April 20, 2022

Shipping, retail, and tech companies are no longer the most popular brands used to hide phishing attacks. Instead, social media platforms have become the brands of choice used to dupe victims and steal their personal data, with LinkedIn-related lures accounting for a full 52% of all global phishing attacks during January, February, and March of 2022, according to new data.

LinkedIn phishing-lure use exploded by 44% over the previous quarter, when it was used in just 8% of phishing attempts, according to Check Point's latest Brand Phishing Report.

"As well as LinkedIn being the most targeted brand by a considerable margin, WhatsApp maintained its position in the top ten, accounting for almost 1 in 20 phishing-related attacks worldwide," the report said.

Shipping is still a draw, even though LinkedIn overtook DHL as the brand most often used in phishing attacks. DHL is now the second-most abused brand, behind 14% of attempts during the same time period. FedEx moved up from seventh place to fifth over the past quarter, with 6% of all phishing attempts spoofing its brand.

Check Point's List of Top 10 Abused Brands

  1. LinkedIn (accounting for 52% of all global phishing attacks over the quarter)
  2. DHL (14%)
  3. Google (7%)
  4. Microsoft (6%)
  5. FedEx (6%)
  6. WhatsApp (4%)
  7. Amazon (2%)
  8. Maersk (1%)
  9. AliExpress (0.8%)
  10. Apple (0.8%)

Top 10 Scams for 2022

  1. Debt Collection:
    Most of the complaints under this category involve debt collectors. Consumers tell of receiving calls from harassing collectors who are threatening and will repeatedly call attempting to collect a debt. Other complaints that fall under this category involved credit/debit card fees, pay day loans, credit repair companies and unauthorized use of credit/debit cards. Some of these complaints involved hidden fees and billing disputes as well.
  2. Fake Government Officials 
    If you received an email, letter or phone call from a government agency (typically the IRS or FBI) and it instructs you to wire, Western Union or MoneyGram money someplace, or follow a link and enter information - don't believe it!  The U.S. government would never instruct anyone to use those methods to pay any bill or carry out a financial transaction, particularly with an overseas bank or agency.
  3. Identity Theft, Phishing and Pharming
    Scammers gain access to your confidential information, like social security numbers, date of birth and then use it to apply for credit cards, loans and financial accounts. Typically, the victim receives an email that appears to be from a credible, real bank or credit card company, with links to a website and a request to update account information. But the website and email are fakes, made to look like the real website.
  4. Phone scams
    This includes telemarketers violating the Do Not Call list, Robo-dialers, scammers calling up pretending to be from a bank or credit card company. The National Do Not Call Registry (U.S.) or the National Do Not Call List (Canada) offer consumers a free way to reduce telemarketing calls. Scammers call anyway, of course, and they've even found a way to scam consumers by pretending to be a government official calling to sign you up or confirming your previous participation on the Dot Not call list! A good example of this is the "Your Microsoft license key has expired" scam call - which you can hear and read about on this page.
  5. Loans Scams / Credit Fixers
    False promises of business or personal loans, even if credit is bad, for a fee upfront. Or a scam that promises to repair your credit for a fee.
  6. Fake Prizes, Sweepstakes, Free Gifts, Lottery Scams
    You receive an email claiming you won a prize, lottery or gift, and you only have to pay a "small fee" to claim it or cover "handling costs". These include scams which can go under the name of genuine lotteries like the UK National Lottery and the El Gordo Spanish lottery.  Unsolicited email or telephone calls tell people they are being entered or have already been entered into a prize draw. Later, they receive a call congratulating them on winning a substantial prize in a national lottery. But before they can claim their prize, they are told they must send money to pay for administration fees and taxes. The prize, of course, does not exist. No genuine lottery asks for money to pay fees or notifies it's winners via email.
  7. Internet merchandise scams
    You purchase something online, but it is either never delivered or it is not what they claimed it was, or is defective. Online shopping, and other shop from home, such as catalog, mail and phone shopping scams are on the rise.
  8. Automobile-Related Complaints
    Car loans, car buying, car sales, auto repair, fake or useless extended warranties. Some of the complaints alleged consumers paid for repairs and that services provided were shoddy. Consumers reported repair companies that return vehicles to the consumer in a worse condition than how it was initially given to them. Other complaints involved consumers not receiving title to their vehicles at the time of sale
  9. Credit Bureaus and related credit scams
    Credit/debit card fees, pay day loans, credit repair companies and unauthorized use of credit/debit cards. Some of these complaints involved hidden fees and billing disputes as well.
  10. Phishing/Spoofing Emails
    Emails that pretend to be from a company, organization or government agency but ask you to enter or confirm your personal information. 

Scams, Schemes & Swindles from TN Dept. of Commerce

The Scams, Schemes & Swindles webpage managed by the TN Dept. of Commerce and Insurance serves as a central location for scam information with links to fraud and scam webpages of other departments and agencies. The webpage provides common scam information related to dozens of scams impacting all individuals including elderly financial scams like the medicare brace scam or the grandparent scam.


The site includes helpful links about the scam and some resources to help educate consumers, such as this infographic developed in partnership with the ABA Foundation and the FTC that shows the signs of and gives tips to avoid a romance or online dating scam.


New Malware Affecting Home & Small Business Routers

Federal officials and cyber security experts have been reporting about a newly disclosed malware known as “VPNFilter.” Security researchers are estimating that over 500,000 small business and home office routers could be affected. Among the devices identified are routers from Linksys, MikroTik, NETGEAR, TP-LINK and QNAP. While the list of devices reported is not all inclusive, these are the brands identified at this time.

The malware is destructive and it is important for home users to take precautionary steps. Below are some recommended best practices to help protect you and your home network:

  1. Modem/Router Reboot: A simple reboot of your modem/router can help prevent your device from becoming infected. This can be accomplished by unplugging the device from the electrical outlet, waiting at least 10 seconds, and then plugging the device back in.
  2. Proper Password(s): Always make sure any device at home that connects to the internet have unique passwords and never the default admin passwords that come with the device.
  3. Patch/Update Firmware: Many routers and modems receive security updates from time to time, but if you are not sure, contact your Internet Service Provider or go to your router’s website for the most up to date firmware or update for your router. Netgear and Linksys have already established how-to guides on their websites.


Important Tax Fraud Alert

The Internal Revenue Service has issued an alert on erroneous federal tax refunds resulting from an emerging fraud scheme effecting thousands of people. Real taxpayer information including bank account and routing information for direct deposit has been stolen from tax professionals and used to file fraudulent returns. The fraudster contacts the taxpayer posing as an employee of a debt collection agency on behalf of the IRS with instructions on returning the money. If this happens to you, the IRS requests you contact the Automated Clearing House department of the bank/financial institution where the direct deposit was received and have them return it to the IRS. Taxpayers are also asked to contact the IRS at (800) 829-1040 (individuals) or (800) 829-4933 (business) to explain why the direct deposit is being returned. For more information,

Tax Topic Number 161, Returning an Erroneous Refund


Equifax Breach

For information regarding the Equifax breach, please Click Here to be directed to their website or call 866-447-7559.