Social media networks have now overtaken shipping, retail and technology as the category most likely to be targeted by criminal groups, according to new research from Check Point.

The Brand Phishing Report for Q1 2022 highlights the brands that criminals most frequently imitated in their attempts to steal individuals’ personal information or payment credentials during January, February and March 2022.

So far this year, LinkedIn has been related to more than half (52%) of all phishing-related attacks globally, marking the first time the social media network has reached the top of the rankings.

It represents a dramatic 44% uplift from the previous quarter when LinkedIn was in the fifth position and related to only 8% of phishing attempts. LinkedIn has now overtaken DHL as the most targeted brand, which has fallen to the second position and accounted for 14% of all phishing attempts during the quarter.

The report highlights an emerging trend toward threat actors targeting social networks, even more than shipping companies and technology giants like Google, Microsoft and Apple. 

Below are the top brands ranked by their overall appearance in brand phishing attempts:

  1. LinkedIn (relating to 52% of all phishing attacks globally)
  2. DHL (14%)
  3. Google (7%)
  4. Microsoft (6%)
  5. FedEx (6%)
  6. WhatsApp (4%)
  7. Amazon (2%)
  8. Maersk (1%)
  9. AliExpress (0.8%)
  10. Apple (0.8%)

Security leaders are not surprised that threat actors are targeting social media networks now. “It makes sense for attackers to use LinkedIn as a hook for socially engineered phishing attacks, as it is generally accepted as a usable, professional platform,” says Hank Schless, Senior Manager, Security Solutions at Lookout. “However, it’s not that different from any other social platform where an attacker can create a fake but convincing profile and message one of your employees with a malicious link or attachment.”

With LinkedIn moving up the list of platforms used in phishing-related attacks, Schless suggests organizations update their acceptable use policies (AUPs) to protect employees and mitigate the risk of web-based attacks.

“Cloud-based web proxies such as secure web gateways (SWGs) that are fed by rich threat intelligence datasets can help organizations build dynamic AUPs and protect enterprise data,” Schless says. “SWG is a critical solution to have in the modern enterprise security arsenal as it acts as a way to block accidental access to malicious sites, and can also be a safe tunnel to protect users from modern web-based threats such as ransomware, other malware, and phishing attacks.”