Event planners commonly use social media sites to foster relationships through social selling – making their content relevant to what they provide for their clients. However, event professionals and anyone using the platform for business or pleasure need to remain vigilant for scams on one of the most popular sites for professionals – Linkedin.
In fact, a recent audit by Checkpoint of the social media platform revealed that Linkedin was the target of 45 percent of all phishing scams globally in 2022. This is a massive uptick of scams on the platform compared to the winter of 2021 when Linkedin was only the target of 8 percent of phishing scams – and only the fifth most targeted platform by scammers. Obviously, at 52 percent, Linkedin is now the most targeted social media site for phishing scams. In fact, the second most targeted company, Microsoft, experienced only 13 percent of the phishing scams in 2022. The third-most targeted category, shipping, holds third place with only 12 percent of all phishing attempts – which came from DHL.
How does it work?
With the latest security report from Checkpoint confirming a trend toward hackers leveraging social media networks as their main target, it’s important to know what to look out for and how these phishing scams work.
These threat actors contact Linkedin users with a very official-appearing email in an attempt to bait these users into clicking on a malicious link. Once fooled by the fake email and the malicious link has been followed, users will see a login screen to a fake portal where hackers will store their credentials for nefarious purposes which we will talk about in this article.
The malicious link will lead to a fake website asking for user credentials, payment details, or other personal information. The hacking group may even make it seem like Linkedin needs this information immediately in order for your account to stay in good standing with the social media platform.
As explained by Checkpoint, phishing scams use fake Linkedin emails in an attempt to mimic common messages from the platform to its users, like “You appeared in 11 searches this week,” or “You have a new connection request.”
Even the sender addresses are spoofed in order to appear as if the messages are automated or come from Linkedin support or security staff.
On top of that, some tactics used in these phishing campaigns include fake promotions for the Linkedin Pro service, bogus policy updates, or even threats of account termination for “unverified” users.
However, no matter how they find you, these scams will all lead to a phishing web page where those who followed the link in their email are asked to enter their Linkedin login details, enabling threat actors to take over their accounts and any company accounts attached to their personal accounts.
What is the goal?
Once a scammer has access to your Linkedin account, they may deploy targeted phishing campaigns to reach your coworkers or other valuable individuals in your connections network. That means not only does staying vigilant about phishing scams help keep your data, account, and payment information secure – it also helps save your coworkers and other connections from falling into a similar scam.
Another goal scammers have for targeting Linkedin accounts is to use them for fake job offer campaigns. In fact, North Korean hackers were recently able to scam an employee of a token-based online video game into downloading a malicious PDF that allowed the scammers to steal $620 million worth of cryptocurrency.
Why Linkedin?
Scammers target Linkedin users for two main reasons. One is they make a digital play on the confidence you have in the Linkedin network. Because Linkedin has only recently become one of the major targets of these kinds of attacks, many users are still unaware that they are taking place on Linkedin – therefore they still have a lot of trust in any email that comes from the platform.
The other advantage scammers have when targeting Linkedin users is that the targets are easier to identify and prioritize due to the information readily available on your user profile. Since users publish their titles and affiliations on their profiles, it makes sense for scammers to use Linkedin as a hook for socially engineered phishing attacks.
How you can avoid phishing scams
So as a rule right now, don’t click on any email links from Linkedin if you want to be 100% safe from these scams. Instead, Linkedin users should go directly to the platform that has supposedly sent them an alert email and look for the notification detail on Linkedin.com.
It’s important to know that not all emails from Linkedin are now scams. In fact, platforms like Linkedin have an incentive to notify their users through email or text in order to link the user back to the platform in order to raise the number of visits and platform usage.
Although the platform is attempting to make adjustments to make these kinds of attacks less prevalent, phishing that appears to come from legitimate services cannot be stopped altogether. And these attacks are becoming more common – using phishing scams as a gateway to more profitable attacks like ransomware.
While the ability to block your employees from getting tricked into clicking on phishing sites, malicious links, and other vectors is important – cybersecurity measures aren’t there just yet.
It’s important to realize that second-level connections are basically strangers – which could be potential scammers. In fact, no matter how professional someone’s page, email, or message appears to you, they can be entirely fake and are endeavoring to scam you out of your account, data, or other important credentials and information.
Since Linkedin blurs the boundary between work purposes and personal career development, it’s important to take any messages you receive from the platform with the same level of skepticism you would give to a random message arriving in your work email inbox.
To add even more security, simply only accept connections from people you have met or ones who have been formally introduced to you.
At the end of the day, there is no substitute for education on scams, teaching skepticism, and not falling for the transitive effect of trust in any platform.
The ball is in Linkedin’s court
Considering that 92 percent of Linkedin’s user data was exposed back in 2021 by a data breach, it isn’t surprising that Linkedin is being leveraged by nefarious groups.
In the next months keep an eye out for Linkedin making efforts to find and delete fake profiles. On top of that, there should be efforts taken in order for it to be easier for organizations to flag incorrect details, claims, and fake profiles. For example, if you work for company X and you notice someone who doesn’t work for company X has fake credentials on their webpage, it should be easy for you to report this to Linkedin’s security team.
Resources for Event Professionals from a company you can trust
With over 35 years of experience, Rentacomputer.com has over 25 thousand happy clients in every walk of life, ranging from photographers to pharmaceuticals, transportation to telecommunications, universities to utility companies, and everything in between. We’ve worked with a number of industries to come up with solutions that work for their unique event or need for equipment rentals.
We leverage our experience in the industry with positive reviews on Google, referrals from our accounting executives and certificates of insurance for events of all sizes, and educated employment of technicians.
When you decide to rent from Rentacomputer.com, you’ll receive top-of-the-line support from qualified techs and advice from representatives who are on the cutting edge of the technology rental industry. That means you’ll always receive quality products and have some of the latest and greatest technology and equipment at your disposal.
Do you need help setting up your event? Since Rentacomputer.com has been doing business in the events industry for so long, our technology travel agents are experienced in dealing with a variety of events from small to large and can assist you with a variety of equipment rentals and marketing options that come with them. Get a quote for your event technology rental needs today. Contact us today for a hassle-free technology rental.
Visit our PC & AV Rental Pricing Factors page to find out about our pricing estimates.
Subscribe to our blog today to stay up-to-date with Rentacomputer.com and follow us on social media. Join the discussion by commenting below.
