LinkedIn se ha convertido en la marca más suplantada por los atacantes que tienen por objetivo sustraer las credenciales de los usuarios mediante correos electrónicos no legítimos. Según Check Point, un reconocido proveedor de soluciones de ciberseguridad, the 45% de todos los intentos de phishing por correo electrónico en el segundo trimestre de 2022 they imitated the communication style of the platform, with the aim of directing users to a fake LinkedIn login page and obtaining their credentials.
Hackers' interest in the social network oriented towards professional use has grown exponentially since last year. In fact, in the fourth quarter of 2021 attempts at LinkedIn-themed phishing accounted for only 8 percent of total phishing attacks. The rise in attackers' interest in the platform is due to its growing popularity, as it currently has more than 810 million members. In addition, LinkedIn accounts represent an almost inexhaustible source of personal data, and the victims' contacts become potential targets, to whom personalized messages are sent with the aim of stealing their credentials.
Typically, phishers try to exploit users' urgency in finding a job. by sending fake messages like: 'You have appeared in X searches this week' or 'X user wants to do business with you'. It is also true that there are other approaches, such as those that include notifications alerting users about the detection of unusual activity on their account and the possible temporary restriction of use, if they do not provide a series of required data, entre los que evidentemente se encuentran sus credenciales.
Con todo esto sobre la mesa, se recomienda a los usuarios que tomen conciencia de la situación y comprendan que no todos los correos electrónicos que tienen el logotipo auténtico de determinadas organizaciones o hacen uso de direcciones de correo similares a las originales son legítimos.