Social media network LinkedIn tops list of brands most likely to be imitated in phishing attempts in Q1 2022


Check Point Research releases its Q1 Brand Phishing Report, highlighting the brands hackers most often imitate to trick people into giving up their personal data

SAN CARLOS, Calif., April 19, 2022 (GLOBE NEWSWIRE) — Check Point Research (CPR), the threat intelligence arm of Checkpoint® Software Technologies Ltd. (NASDAQ: CHKP) and one of the world’s leading cybersecurity solution providers, released its Brand Phishing Report for the first quarter of 2022. The report highlights the brands that were most often imitated by cybercriminals in their attempts to steal personal information or payment information from individuals during January, February and March.

Social media network, LinkedIn, topped the rankings for the first time ever, accounting for more than half (52%) of all phishing attempts during the quarter. This represents a dramatic 44% increase from the previous quarter, when the professional networking site was in fifth place, accounting for just 8% of phishing attempts. LinkedIn overtook DHL as the most targeted brand, which is now in second place and accounted for 14% of all phishing attempts in the quarter.

The latest report highlights an emerging trend towards threat actors exploiting social media, now the top targeted category ahead of shipping companies and tech giants such as Google, Microsoft and Apple. In addition to LinkedIn being the most targeted brand by a considerable margin, WhatsApp maintained its position in the top ten, accounting for nearly 1 in 20 phishing attacks globally. The report highlights one particular example where LinkedIn users are contacted via an official-looking email with the aim of tricking them into clicking on a malicious link. Once there, users would again be prompted to log in through a fake portal where their credentials would be collected.

Shipping is now the second most targeted category, with threat actors continuing to take advantage of the general boom in e-commerce by directly targeting consumers and shipping companies. DHL is second to LinkedIn, accounting for 14% of phishing attempts; FedEx jumped from seventh to fifth, now accounting for 6% of all phishing attempts; and Maersk and AliExpress entered the top ten list for the first time. The report highlights a particular phishing strategy that used Maersk-branded emails to encourage the download of fake transport documents, infecting workstations with malware.

“These phishing attempts are attacks of opportunity, pure and simple. Criminal groups are orchestrating these large-scale phishing attempts, with the goal of getting as many people as possible to part with their personal data,” said Omer Dembinsky, Data Research Group Manager at Check Point Software. “Some attacks will attempt to gain ground on individuals or steal their information, such as those we see with LinkedIn. Others will be attempts to deploy malware on corporate networks, such as fake emails containing falsified carrier documents that we see with companies like Maersk.”

He continued: “If there was ever any doubt that social media would become one of the most targeted sectors by criminal groups, Q1 dispelled those doubts. While Facebook dropped out of the top 10 rankings, LinkedIn jumped to the top spot and accounted for more than half of all phishing attempts so far this year. The best defense against phishing threats, as always, is knowledge. Employees in particular should be trained to spot suspicious anomalies such as misspelled domains, typos, incorrect dates, and other details that can expose a malicious email or text message. LinkedIn users in particular should be extra vigilant over the coming months.

In a brand phishing attack, criminals attempt to impersonate the official website of a well-known brand by using a domain name or URL and webpage design similar to the genuine site. The link to the fake website can be sent to targeted people via email or SMS, a user can be redirected while browsing the web, or it can be triggered from a fraudulent mobile app. The fake website often contains a form intended to steal user credentials, payment details or other personal information.

Top phishing brands in Q1 2022

Below are the top brands ranked by their general appearance in phishing attempts:

  1. LinkedIn (regarding 52% of all phishing attacks worldwide)
  2. DHL (14%)
  3. Google (7%)
  4. Microsoft (6%)
  5. FedEx (6%)
  6. WhatsApp (4%)
  7. Amazon (2%)
  8. Maersk (1%)
  9. AliExpress (0.8%)
  10. Apple (0.8%)

Maersk Phishing Email – Malware Example

During the first quarter of 2022, we observed a malicious phishing email that used Maersk’s branding and attempted to download the Tesla RAT (Remote Access Trojan) agent onto the user’s machine. The email that was sent from a webmail address and tampered with to appear as if it was sent from “Maersk Notification ([email protected][.]com),” contained the subject, “Maersk: Check copy of bill of lading XXXXXXXXX ready for verification. “. The content asked to upload a “Transport-Document” excel file, which would infect the system with the Tesla agent.

LinkedIn Phishing Email – Account Theft Example

In this phishing email, we see an attempt to steal a user’s LinkedIn account information. The email that was sent from the “LinkedIn” email address ([email protected][.]com[.]mx)”, contained the subject “M&R Trading Co.,Ltd 合作采购订单#XXXXXXXX”. The attacker was trying to trick the victim into clicking on a malicious link, which redirects the user to a fraudulent LinkedIn login page. In the malicious link ([.]com/linkedin[.]com/connection[.]php), the user had to enter their username and password.

As always, we encourage users to be cautious when disclosing personal data and identifying information to work applications or websites, and to think twice before opening any attachments or links. especially emails that claim to be from companies such as LinkedIn or DHL, as they currently are. most likely to be usurped.

Follow Check Point Research via:

About Check Point Research
Check Point Research provides cutting-edge cyber threat intelligence to Check Point Software customers and the wider intelligence community. The research team collects and analyzes global cyberattack data stored on ThreatCloud to keep hackers at bay, while ensuring that all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.

About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. ( is a leading provider of cybersecurity solutions for businesses and governments worldwide. Check Point Infinity’s portfolio of solutions protects businesses and public organizations against 5th generation cyberattacks with an industry-leading capture rate of malware, ransomware and other threats. Infinity comprises three main pillars delivering uncompromising security and Generation V threat prevention in enterprise environments: Check Point Harmony, for remote users; Check Point CloudGuard, to automatically secure clouds; and Check Point Quantum, to protect network perimeters and data centers, all controlled by the industry’s most comprehensive and intuitive unified security management. Check Point protects more than 100,000 organizations of all sizes.

Comments are closed.