Phishing attacks impersonating emails from LinkedIn have grown 232% since the start of February. The increase is likely related to more people looking for jobs, switching companies, or recruiting for open positions, thus making people more likely to click on emails from LinkedIn.
We have all received emails from LinkedIn saying things such as “You appeared in 4 searches this week,” “You have 1 new message,” and “Your profile matches this job.” Cybercriminals use email addresses with a LinkedIn display name to send fake emails with the same subject lines. In addition, the emails are branded with the LinkedIn logo, brand colors, and icons. To make the phishing attack more convincing, criminals use other well-known organizations’ names, including American Express and CVS.
The branded email templates lure victims to click on phishing links and enter their credentials into fraudulent websites. The hope is the credentials can be used for other websites that contain sensitive information.
What can you do to protect yourself?
- Go directly to the LinkedIn website – To check messages and get updates, type in the full LinkedIn URL in your internet browser.
- Slow down and review links – Hover over links to verify they direct you to the correct website.
- Turn on two-step verification – Review your LinkedIn profile Settings & Privacy page. Turn on the two-step login verification system.
- Report suspicious messages – LinkedIn encourages members to report suspicious messages to their help center. This helps their team identify scams and better secure the platform.
For more information on cyber security and protecting your personal and financial information, visit our Safety and Security page.