Over the past decade, internet use has skyrocketed. The number of people on the web has grown by 4.95 billion. This growth has gone hand in hand with the rise of cybercrime.
Cyberattacks have grown considerably in recent years, registering 59% more than in 2021.
This leads us to conclude that cybercriminals have been perfecting their technique and devising new ways to attack their victims, and companies have not come away unscathed.
In this article, we focus on phishing attacks on LinkedIn.
Who does not know LinkedIn?
LinkedIn is a company oriented to the business world, where companies and users constantly interact to match the supply of and demand for jobs. The platform has no fewer than 830 million users, which makes it recognized worldwide by professionals as a place to find job opportunities.
This great recognition has been the perfect source of attraction for criminals, who have not hesitated to take advantage of this platform to attack their prey.
Centum Digital is also on this platform; click here and follow us to keep up with our news and offers.
Do you know what Phishing is?
Phishing is a technique used by hackers to collect confidential and personal information from their victims, with the ultimate goal of impersonating them.
Over the years, the percentage of phishing attacks has kept rising: 70% of organizations confirm having received a phishing attack at some point in their history.
To understand this cyberattack, it is necessary to know its timeline.
Phishing in the 90s
The English word “phishing” is a contraction of “password harvesting fishing”, that is, the collection and fishing of passwords.
Phishing began to be used in the mid-90s. However, it did not become widely popular until 2003.
Initially it was seen as a business focused on sending viruses and malicious code by email, seeking to lock victims’ computers and obtain the profiles and passwords of those affected.
Phishing in the 2000s
Scams became more established. Scammers sent, via email, messages that prompted readers to click on malicious links, fill out forms and provide confidential information.
It was considered a profitable business: Internet users handed over their credit card numbers and other credentials, which allowed the scammers either to steal money or to sell the data on the black market.
Phishing in 2010
A new variant emerged with “smishing”, the sending of links through instant messages. The aim is to send malicious links in an attention-grabbing, fast-moving way so that the user opens them and the attacker can steal private information about their accounts.
Phishing was mainly known as a technique used en masse, but over time attackers have begun to target specific companies or users. This newer technique is called “spear phishing”.
Today, there are phishing campaigns organized with digital toolkits that impersonate official websites. These are exact replicas capable of deceiving any user.
Phishing on LinkedIn
In the first quarter of 2022, LinkedIn was the cause of 52% of phishing scams.
As mentioned above, users register for job offers and expose all their personal data, including details of their current home and personal phone numbers, among others.
All this information is semi-public, since any registered user can access it. That makes it a great opportunity for scammers, who use these practices to hijack the data.
Victims receive emails with offers related to their job searches, which lead them to sign up for those offers. Users then follow to the letter all the instructions for applying to those jobs, falling squarely into the trap.
The new phishing threat detected on LinkedIn is DUCKTAIL
DUCKTAIL is a new malware program designed to steal Facebook business accounts linked to LinkedIn. It is hidden in the documents sent by email to the users chosen as phishing targets.
Once the files are downloaded, DUCKTAIL is installed on the target’s system and steals the cookies from the browsers the target uses, hijacking all the stored information about their Facebook sessions. This allows the attacker to get around the second authentication factor.
With that factor out of the way, the attackers can access the session from other browsers through a link to a new address of theirs, which grants full access to the victim’s Facebook Business account.
At CENTUM DIGITAL, we take the security of our readers seriously, so below we share some tips for recognizing a phishing attack.
How to detect if we are being attacked by phishing?
You have possibly received more than one spam email without realizing that you were the target of this type of technique, since the messages usually appear to come from entities with which you have a close relationship.
At CENTUM Digital, we offer some tips to avoid becoming a victim of phishing.
- Strengthen and invest in security programs for your teams.
- Keep all your programs and browsers up to date with the latest updates.
- Provide solid training for both yourself and your employees.
- Be wary of all emails that feature domains with unusual combinations.
- Messages that contain grammatical errors or misspellings are not reliable.
- Be careful with the links in the emails you receive; check carefully whether the message contains malware, since it can compromise your privacy.
- Verify the sender’s address to make sure that the message is actually being sent by LinkedIn.
- Do not enter your data immediately; be patient and read the whole email carefully.
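The sender-address and link checks from the tips above can be automated; the following is an added example, not part of the original article. The trusted-domain list (linkedin.com and its subdomains) is an assumption, and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: genuine LinkedIn mail and links use linkedin.com or a subdomain.
TRUSTED = ("linkedin.com",)

def host_is_trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def text_of(msg):
    # Join every text/* part, decoding transfer encodings such as base64.
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def check_message(raw):
    """Return findings for one raw message that claims to come from LinkedIn."""
    msg = message_from_string(raw)
    findings = []
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not host_is_trusted(sender_host):
        findings.append("sender domain is not LinkedIn: " + (sender_host or "(none)"))
    reply_host = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2]
    if reply_host and not host_is_trusted(reply_host):
        findings.append("Reply-To leaves LinkedIn: " + reply_host)
    for url in re.findall(r"https?://[^\s\"'<>]+", text_of(msg)):
        # Compare the parsed hostname, never a substring of the URL.
        host = urlparse(url).hostname
        if not host_is_trusted(host):
            findings.append("link leaves LinkedIn: " + (host or url))
    return findings

# Constructed sample messages (not real traffic).
SUSPICIOUS = """From: LinkedIn Jobs <jobs@linkedin-careers.example>
Reply-To: hr@mailbox.example

Apply here: https://linkedin.com.jobs-portal.example/apply
Or sign in: https://www.linkedin.com@signin.example/login
"""
GENUINE = """From: LinkedIn <jobs-noreply@linkedin.com>

View the job: https://www.linkedin.com/jobs/view/123
"""
```

The From header can be forged, so a clean result here is necessary but not sufficient; the receiving mail server’s SPF, DKIM and DMARC verdicts are the stronger signal.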
Finally, CENTUM Digital considers security a priority; we therefore provide companies with cybersecurity programs that help them prevent any type of information or data leak. If you want to know all our solutions, keep reading here.