Top-clicked LinkedIn phishing emails include such subject lines as “You appeared in new searches this week!”, “People are looking at your LinkedIn profile”, “Please add me to your Linkedin network”, and “Join my network on LinkedIn”.
That’s according to Atlas VPN, a virtual private network company. Next most opened social media phishing emails include the keyword Twitter, Facebook; or claiming there’s a new voice message. COVID-19 themed and ‘Payroll Deduction Form’ emails continue to lure people into phishing traps. Actual security alert email scams are less successful lures, according to the firm.
Anyone with an email address can be subject to an email phishing attack, the firm warns; to protect yourself from such attacks, here are some things to look for:
Urgent call to action or threats – Beware of emails, which create a false sense of urgency, pressuring you to click a link or open sent attachment immediately. Often they promise a reward or threaten with a penalty.
Dubious links – To double-check if the link provided in the email is safe to click on, hover the mouse over the link — it will reveal the real web address you will be directed to after clicking the link. Never open a link until you make sure it looks legitimate.
Spelling and grammar – obvious errors, that scammers are notorious for. Professional companies usually have editors who ensure that clients receive polished and professionally presented content.
Mismatched or misspelled email domains – If the email claims to be from one company but is sent from another domain, you highly likely received a phishing email. For example, the scammers might be pretending to write on behalf of Facebook; however, the email address indicates the email was sent from the Yahoo.com domain. Also, watch out for misspellings in the domain name, like Faceb00k, where both “o” letters were replaced by a 0.
Meanwhile, cleverly designed supply chain attacks will target employees working at home, predicts Kevin Mitnick, chief hacking officer, at the employee info-security awareness company KnowBe4. “For example, the ‘cable company’ sending the target a ‘new, faster router’ that has been covertly back-doored.” Expect hackers to continue to take advantage of IT users’ vulnerabilities and stresses, the company says.
More on the Atlas VPN blog.
Next week is International Fraud Awareness Week, by the international counter-fraud association ACFE; for freely downloadable materials visit https://fraudweek.com/fraudweek/resources.
