Research by KnowBe4, expert on phishing attacks, shows that the use of LinkedIn in the subject line of phishing messages leads to a high success rate among cybercriminals.
The company reports this in a press release on Tuesday. KnowBe4 has simulated phishing attempts in the study and then measured which messages have the highest click rate of users. This showed that the mention of LinkedIn resulted in a click rate of 56 percent. Other subjects didn’t even come close. See below a list of tested topics, with the percentage of users who clicked on the link:
- LinkedIn: 56%
- Login alert for Chrome on Motorola Moto X: 9%.
- 55th Anniversay and Pizza Party: 8%
- Your Friend Tagged a Photo of You: 8%
- Facebook Password Reset Verification: 8%
- Your password was successfully reset: 6%.
- New Voice Message At 1:23 AM: 5%.
Abuse of trust
According to Stu Sjouwerman, founder and CEO of KnowBe4, it actually makes sense that LinkedIn listings in this kind of phishing attempts cause a lot of clicks. It feels good to add people to your network. People feel safe when a message comes from a known contact. Those are exactly the reasons why phishing attacks that use social media are so successful. Cybercriminals are becoming more and more sophisticated at camouflaging a phishing attack, but you can definitely be trained in identifying and signaling phishing and social engineering.
The study also shows that the number of phishing attacks via social media increased by 75 percent in the first quarter of 2019. According to KnowBe4, phishing via LinkedIn is particularly dangerous because many employees have linked their LinkedIn account to their business e-mail address. This increases the chance that criminals will also be able to get hold of company data. This, in turn, can lead to data leaks or fraud through fake payments. For organizations that want to test their vulnerability against phishing attempts, KnowBe4 has made a free test available that allows companies to identify vulnerable users.This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.