LinkedIn has proactively removed 70.8 million accounts for spamming or scamming users, and now it is rolling out new features to help users make more informed decisions about who they connect.
As we’ve seen more recently, hackers are increasingly choosing LinkedIn as their attack vector of choice. The $540 million hack of Axie Infinity's Ronin Bridge in late March 2022 was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn. Since June of this year, hacking group Lazarus has continued compromising individuals with LinkedIn phishing scams, employing traditional social engineering tactics, and moving the conversation to WhatsApp for the delivery of malicious payloads.
Chris Lehman, CEO of Safeguard Cyber weighs in on the news:
“Multichannel phishing campaigns are so effective because social engineering attacks target humans, NOT systems. The human eye and mind did not evolve towards suspicion, so most multichannel phishing and social engineering attacks cloaked in simple, unassuming words escape scrutiny. Social engineers create these language-based attacks and design them to impersonate someone you trust. This deception can lead to serious damage.
Enterprises need to apply technology long before the hacker tricks employees into giving up the goods. And unfortunately, legacy Secure Email Gateway Systems can no longer handle a sophisticated attack of this nature. Disrupting social engineering and phishing attacks early, especially during the initial compromise phase, with Natural Language Understanding (NLU) is critical. With contextual analysis of communications, it’s possible to discern the context and intent of these attacks, and therefore detect social engineering indicators earlier in the kill chain, such as false urgency, coercive language, persuasion techniques, etc. This analysis adds a crucial layer where defenders can act when training falls short. It’s vital that technology be brought to bear on securing business communications environments spanning email, collaboration, conferencing, and chat channels. These channels comprise the primary layer at which adversaries can reach and compromise or manipulate any employee.”
###