LinkedIn being used as a 'front door' to phishing attacks

Computing's research reveals phishing is the top threat to businesses, and is increasing in severity, while attacks use novel methods to make potential victims feel comfortable before sending their payloads

LinkedIn is now being used by hackers to make contact with potential victims, in order to encourage them to open their malicious emails, and click on their links.

This was one of the revelations from Computing's web seminar today titled 'Are you a phish or a whale?'

Abby Ewen, IT director at law firm BLM, explained that her organisation has recently experienced a determined phishing attack.

"We have had both via an email and telephone an attempt to extort money by someone purporting to be the CFO. It was intercepted both times because we have some very vigilant people trained to spot things that don't look right. We had one this week, a scam email passed to me by a partner, and the person who sent [the scam mail] had connected with the partner on LinkedIn prior to sending the email.

"LinkedIn was used as the front door into the scam," she said.

Phishing is now seen as the top threat to businesses in the UK, above more well-known and headline-grabbing criminal activities such as distributed denial of service (DDoS) attacks.

This was one of the key findings of Computing's latest research into IT security, presented during the webinar.

Phishing is the art of acquiring sensitive information from a target by offering them bait, which could be a fake message from a friend or colleague, an invitation to an important meeting, or even a tempting shopping bargain. Click on the message or link, and your machine is infected with malware that scoops up your personal data.

Whaling is exactly the same process, only with higher profile enterprise targets.

Phishing is becoming increasingly prevalent because of its simplicity, said Orlando Scott-Cowley, cyber security specialist at Mimecast (pictured).

"We use phishing to mean all the types of attack you see in email. Email has become the threat vector of choice because it's easy, there are no skills needed, and you can attach a pre-built piece of malware to your message. It has become far easier than the classic network or IP-based attacks we're used to seeing," said Scott-Cowley.

One of the problems, he added, is that people trust their inboxes, and this misplaced trust is exploited by cyber criminals.

"The problem is we trust our inbox too much, we feel like we're protected behind that infrastructure. Cyber criminals use that trust against us to trick us into clicking their links, wire transferring large sums of money to fraudulent accounts."

Ewan gave the example of a fake email which purported to come from vehicle registration and licensing body the DVLA, which appeared at BLM recently.

"One day we had 2,500 copies of same email in 10 minutes, which purported to come from the DVLA. The email had a specific car registration number, and people still clicked on it [despite the registration number listed not being their own]. One person clicked who didn't even have a car! It's because people are very busy, and the default is to click on things."

BLM's Ewen described the protections she has put in place.

"We now sandbox all attachments, and we receive around 35,000 per week, and we check all URLs that come in. We see between five and 10 malicious attachments per week. Of the 6,500 URLs clicked per week, about 10 go to malicious sites. It's interesting to see how messy the internal environment would be if we didn't have that protection," she concluded.