linkedin phishing emailsConsidered to be social media for professionals, LinkedIn is an invaluable tool for millions of people all over the world and a great way to make a wide range of professional connections.

Unfortunately, hackers and scammers are aware of this fact and tend to gravitate to it as well. They are hoping to take advantage of the unsuspecting.  Recent research from the cybersecurity company Check Point reveals that LinkedIn has become the most spoofed brand in phishing attacks. These attacks account for a staggering 52 percent of such incidents globally.

This figure would be surprising all by itself but what makes it almost shocking is the fact that in the 4th quarter of 2021, LinkedIn was only the 5th most spoofed brand. They were just 8 percent of phishing attacks seeking to impersonate the brand.

Clearly, between late last year and right now something changed, and the social media property suddenly became a hot commodity on the Dark Web.  In fact, as of now nothing else even comes close.  Shipping giant DHL is the second most impersonated brand, accounting for 14 percent of all spoofing incidents globally. So it lags far behind LinkedIn in that regard.

After DHL the number of spoofing incidents fall off markedly, with Google accounting for just 7 percent, Microsoft and FedEx tied at 6 percent, WhatsApp at 4 percent, and Amazon at just 2 percent.

Beyond that, Maersk clocks in at 1 percent and Ali Express and Apple each account for 0.8 percent which is barely enough to register on the radar.

No one can say with certainty why it's happening. The current theory is that given LinkedIn's nature as a hub for professionals, the platform is a natural target and is especially attractive to spear phishers who specifically target well-connected professionals to gain access.

Whatever the explanation, if you rely on LinkedIn, be aware that not all communications you receive may be what they seem. So proceed with caution.

Beware Zip Attachments In Emails Could Be Qbot Malware

phishing zip file

+The owners of the Qbot botnet are changing things up.  The botnet's normal Modus Operandi for distributing their signature Qbot malware has been to push their malicious code via phishing emails which contain Microsoft Office documents laden with poisoned macros. More recently though, the group behind the botnet has switched to phishing emails carrying password-protected ZIP files which contain malicious MSI Windows Installer packages.

It's the first time we've seen this tactic from Qbot and no one is sure what drove the change. The best theory put forward so far is that the tactical shift is a response to a recent announcement by Microsoft to disable Excel 4.0 macros by default. This was done in a bid to shut down macros as a possible delivery system.  If so, it demonstrates the incredible nimbleness and responsiveness of the hacking world.

Microsoft began rolling out a new VBA autoblock feature for Microsoft Office in April 2022.

Microsoft had this to say about the matter:

"Despite the varying email methods attackers are using to deliver Qakbot, these campaigns have in common their use of malicious macros in Office documents, specifically Excel 4.0 macros.

It should be noted that while threats use Excel 4.0 macros as an attempt to evade detection, this feature is now disabled by default and thus requires users to enable it manually for such threats to execute properly."

Qbot can best be described as a modular Windows banking trojan that spreads like a worm.  It has been active for more than a decade and the people who control the malicious code have targeted several high-profile corporate entities, seeking the biggest bang for their buck.

Over the years, several large and well-organized gangs of hackers, including MegaCortex, PwndLocker, and REvil have leveraged Qbot to breach corporate networks.  Although Microsoft's recent moves have made it harder for the botnet to operate, it's clear that they are adapting.

Are you depending on the companies you work with to keep your access secure? As you can see, even the largest companies are at risk. You can be proactive by contacting Integrated Technology Systems for a complete security analysis.

Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017