Look out for malicious emails
The report showcases the methods cybercriminals use to trick social media users of each platform, which are generally through emails. One phishing attempt uses a fraudulent Microsoft Outlook web page with the subject line: “[Action Required] Final Reminder – Verify your OWA Account now”, asking the victim to enter their login credentials. “The increase in the use of Microsoft-related scams is a danger to both individuals and organizations,” the report states. “Once someone has hold of your account login details, they have access to all the applications behind it, such as Teams and SharePoint, as well as the obvious risk of compromise to your Outlook email account.” LinkedIn’s branding is often used in sneaky phishing emails, too. Check Point Research spotted one email that was sent from a webmail address and spoofed to appear as if it was sent from “LinkedIn Security (mlayanac@armada.mil[.]ec)”. With the subject line “LinkedIn Notice!!!,” the sender tried to lure users to click on a suspicious link in order to update their LinkedIn account version. However, it instead leads to a dodgy site that asks the victim to enter their LinkedIn account information. This would lead to cybercriminals learning a user’s private credentials, giving them access to their account and anything linked with it, including personal information or banking credentials. These links can also be a way for threat actors to dupe users into downloading malware, to damage or gain unauthorized access to a system. There are a number of different phishing emails using the usual LinkedIn communication style users commonly see, including subject lines like “You appeared in 8 searches this week,” “You have one new message,” or “I’d like to do business with you via LinkedIn.” It’s a good idea to always check the email address of any email from a social media platform, especially if they require you to click on a link. To stay safe online, be sure to check out the best antivirus apps and best password managers around.
