A recent study analyzing the most effective social media phishing scams shows that LinkedIn-related emails were among the most successful entry points in the first quarter of 2021. According to KnowBe4’s simulated phishing tests report, 42% of employees will click on email subjects posing as authentic LinkedIn correspondence.
“LinkedIn phishing messages have dominated the social media category for the last three years,” the report said. “Users may perceive these emails as legitimate since LinkedIn is a professional network, which could pose significant problems because many LinkedIn users have their accounts tied to their corporate email addresses.
Several LinkedIn-themed email subjects, which may include messages such as “people looking at your profile,” add-me requests, or security-related warnings, usually fool unsuspecting recipients.
Check for the latest LinkedIn-themes phishing campaigns spotted by Bitdefender Antispam Lab here.
Additional top-clicked social medial email subjects include Facebook notifications (20%), direct messages on Twitter (9%), login alerts (12%) and message alerts (11%).
Another key takeaway from the report is that users are less inclined to fall for coronavirus-related phishing scams as of late. Although it appears that users have become familiar with spotting and avoiding pandemic-themed scam messages, nearly a third of users who fell for a deceptive email clicked on security-related IT notification.
“With COVID-19 being around for over a year now and employees becoming more aware of the types of scams that have come out related to the pandemic, cyber criminals are having less success with related phishing attacks,” Stu Sjouwerman, CEO of KnowBe4 explained. “While users are becoming more savvy regarding COVID-19 phishing attacks, there is a steady increase of those falling for security-related email scams. The bad guys go with what works and in Q1, nearly a third of the users who fell for a phishing email clicked on one related to a password check.”
General email subjects that employees have also fallen for in the last quarter include Password Check Required Immediately (31%), Revised Vacation & Sick Time Policy (15%) and COViD-19 Remote Work Policy Update (13%), among others.