For the second quarter in a row, LinkedIn is the most imitated brand in phishing attacks, according to Check Point.
Some 45% of all phishing attempts were spoofs of LinkedIn. Rounding out the top 5:
Impersonation attacks work because they look close to the real thing. End-users are accustomed to receiving emails from LinkedIn or other popular brands. If they don't do a close inspection, however, they won't notice that the URL is different or the sender address is amiss.
Here's one example:
A user might think to click on this link. However, the URL has nothing to do with LinkedIn: https://lin882[.]webnode[.]page/”
It then leads to this fake login page:
Whenever you receive an email from a brand, always do the following: