Phishing attacks impersonating emails from LinkedIn have grown 232% since the start of February, according to cybersecurity firm Egress.
The company released a report about cybercriminals using display name spoofing and stylized HTML templates to socially engineer victims into clicking on phishing links in Outlook 365 and then entering their credentials into fraudulent websites.
Many people have become accustomed to seeing emails from LinkedIn saying things like "You appeared in 4 searches this week," "You have 1 new message," and "Your profile matches this job."
But now, cybercriminals are using webmail addresses with a LinkedIn display names to send fake emails with the same subject lines.
"The emails use multiple stylized HTML templates, including the LinkedIn logo, brand colors and icons. Within the body of the email, the cybercriminal uses other well-known organizations' names (including American Express and CVS Carepoint) to make the attacks more convincing," Egress explained.
"When clicked, the phishing links send the victim to a website that harvests their LinkedIn log-in credentials. The footer features elements from LinkedIn's genuine email footer, including their global HQ address, hyperlinks to unsubscribe and to their support section, and the recipient's information."
In a statement to ZDNet, a LinkedIn spokesperson urged users to go to their Help Center for help with identifying phishing messages.
"Our internal teams work to take action against those who attempt to harm LinkedIn members through phishing," the spokesperson said. "We encourage members to report suspicious messages and help them learn more about what they can do to protect themselves, including turning on two-step verification."
Egress noted that the emails were particularly concerning right now because so many people are looking for new jobs and switching employers, making them more likely to click on malicious links that look identical to some LinkedIn messages.
Yehuda Rosen, senior software engineer at nVisium, added that LinkedIn has hundreds of millions of users, many of whom are very accustomed to seeing frequent, legitimate emails from LinkedIn. They may inevitably click without carefully checking that each and every email is real.
A record number of people have already left their jobs and are looking for work, and Egress said they have seen a variety of targets in different industries across North America and the UK.
"The attacks we have seen are bypassing traditional email security defenses to be delivered into people's inboxes. We advise organizations to examine their current anti-phishing securing stack to ensure they have intelligent controls deployed directly into people's mailboxes," Egress said.
"Individuals should take extreme caution when reading notification emails that request them to click on a hyperlink, particularly on mobile devices. We recommend hovering over links before clicking on them and going directly to LinkedIn to check for messages and updates."