KnowBe4's Q1 2019 top-clicked phishing subject lines reveal LinkedIn messages to be the most popular.
Today, we revealed that simulated phishing tests that include “LinkedIn” in the subject line are clicked 50 percent of the time by users.
This percentage is significant as many LinkedIn users, particularly those with business development responsibilities, have their accounts tied to their corporate email addresses, increasing corporate risk of a phishing attack, ransomware breach or other social engineering-related threat.
Social media sites are also a hotbed for cybercrime. According to recent research from Bromium, cyber criminals are earning at least $3.25bn per year from social media-enabled cybercrime.
From the standpoint of a hacker, social media gives an all-access entry point into an organization because some social media accounts are tied to corporate email addresses. I cannot stress enough that employees need to be hyper-vigilant about clicking on emails and links that come to their corporate email addresses. Clicking to view a new job posting or to identify who has viewed your LinkedIn profile could easily open the gates to bad actors who want to cause damage to the organization.
Often people rely on what they think are trusted sources to protect their information but fall victim to social media scams and end up offering up sensitive information. They need to make the extra effort to protect themselves and be mindful of methods being used by the bad guys.
To best protect personal information and your organization, you have to have a defense-in-depth security strategy that includes training your users to spot phishing emails.
KnowBe4’s examination of simulated phishing tests showed that half of users clicked on spoofed LinkedIn emails that included the following subject lines:
- Join my network
- Profile Views
- Add me to your network
- New InMail Message