LinkedIn to blame for major phishing scams


The most successful phishing attempts are those with the keyword 'LinkedIn' in the subject line, a new survey has shown, highlighting the importance of training and employee awareness.

The survey was conducted by KnowBe4, a security awareness training and simulated phishing platform. It reviewed tens of thousands of simulated phishing tests that occurred during the second quarter of the year and found that more than half (56 per cent) of successful attacks had the word “LinkedIn” in the subject line.

All other social media phishing tests combined could not achieve such results. For the survey’s authors, this isn’t surprising, given that “phishing attacks are growing at a remarkable rate of 75 percent in 2019”.

“It feels good to ‘join my network’ or connect with someone in some way – that’s why social media phishing attacks are so successful,” said Stu Sjouwerman, CEO of KnowBe4. “Users innately trust their ‘verified’ contacts so are more apt to click on a link that comes from someone they know. It’s becoming harder to identify phishing attacks, but our users are smarter than the bad guys think and can absolutely be trained to identify and avoid phishing and social engineering attacks.”

Here is the list of the most successful phishing tests. The typos and capital letters are as they were in the tests:

  • LinkedIn: 56 per cent
  • Login alert for Chrome on Motorola Moto X: 9 per cent
  • 55th Anniversay and Pizza Party: 8 per cent
  • Your Friend Tagged a Photo of You: 8 per cent
  • Facebook Password Reset Verification: 8 per cent
  • Your password was successfully reset: 6 per cent
  • New Voice Message At 1:23 AM: 5 per cent

The survey has also shown that phishing tests with a focus on password management were quite successful.