LinkedIn phishing scams most clicked with a 47% open rate in Q3 2020

According to data presented by the Atlas VPN team, emails impersonating LinkedIn were the most clicked on social media phishing attacks, with a 47% open rate in the third quarter of this year.

The numbers are based on research by KnowBe4, which examined tens of thousands of email subject lines from simulated phishing tests in Q3 2020 based on real phishing attack data.

Phishing is a type of social engineering attack used by cybercriminals to steal personal data from unsuspecting victims, such as their passwords or credit card information. Criminals reach out to the victims via email, instant messages, or telephone pretending to be from reputable companies to lure out sensitive information.

Emails with a keyword "LinkedIn'' in the subject line topped the list of most opened social media phishing emails three years in a row. In Q3 2020, LinkedIn phishing emails had a 47% open rate — only a 1% drop from the same period last year.

Top-clicked LinkedIn phishing emails in the third quarter of 2020 include such subject lines as "You appeared in new searches this week!", "People are looking at your LinkedIn profile", "Please add me to your Linkedin network", and "Join my network on LinkedIn".

The second most opened social media phishing emails include the keyword "Twitter". Emails with a subject line "Someone has sent you a direct message on Twitter!" had a 15% open rate.

Phishing attacks exploiting Twitter were followed by Facebook phishing scams. Emails titled "Your friend tagged you in photos on Facebook" had a 12% click rate.

Up next are emails notifying people about a new voice message. Phishing emails titled "New voice message at 1:23AM" had an 8% open rate.

Surprisingly, security alert emails also fall below the 10% open rate. Social media phishing emails warning of login on Chrome on Motorola Moto X had a 7% open rate, while emails with a subject line "Someone may have accessed your account" had a click rate of 6%.

Finally, emails spoofing WhatsApp had an open rate of 5%. WhatsApp phishing emails tried to entice people with the subject line "You have a new WhatsApp message".

Payroll phishing emails were the most opened last quarter

Cybercriminals are often targeting employees, as such attacks can yield much higher profits. What is more, phishing emails are usually disguised as legitimate and basic messages employees see day after day.

That is one of the reasons why when it comes to general email subject lines, the top most opened phishing emails in the third quarter of this year were payroll emails. More specifically, emails titled "Payroll Deduction Form" had an impressive 33% open rate.

Furthermore, as the worldwide pandemic is still ongoing, COVID-19 themed emails continued to lure people into the phishing traps. Emails with keywords “COVID-19” and “pandemic” saw a 32% open rate.

Most of the top-clicked COVID-19 themed phishing emails were related to work policy, with the most successful COVID-19 themed phishing email subject line being "Required to read or complete: "COVID-19 Safety Policy" with a 9% open rate.

"COVID-19 Safety Policy" was closely followed by "COVID-19 Remote Work Policy Update " with a 7% click rate, and "Your team shared "COVID 19 Amendment and Emergency leave pay policy" with you via OneDrive" with a 6% open rate.

Other pandemic-related phishing scams include emails titled "Official Quarantine Notice" and "COVID-19: Return To Work Guidelines and Requirements" each with a 5% open rate.

Other email subjects regarding workplace policy also made it to the top opened phishing email list in the third quarter of 2020. Emails titled "Please review the leave law requirements" had a 12% open rate, and emails titled "Vacation Policy Update" had a 7% click rate.

Security warning email with the subject "Password Check Required Immediately", as well as a system maintenance warning email titled "Scheduled Server Maintenance -- No Internet Access" had 9% and 7% opening rates respectively.

How to protect yourself from email phishing attacks

Anyone with an email address can be subject to an email phishing attack. In order to protect yourself from such attacks, it is important to be educated on the key characteristics of phishing emails.

Here are some of the things you should be looking out for:

  • Urgent call to action or threats - Beware of emails, which create a false sense of urgency, pressuring you to click a link or open sent attachment immediately. Often they promise a reward or threaten with a penalty.
  • Dubious links - To double-check if the link provided in the email is safe to click on, hover the mouse over the link — it will reveal the real web address you will be directed to after clicking the link. Never open a link until you make sure it looks legitimate.
  • Spelling and grammar mistakes - Watch out for obvious spelling or grammar errors scammers are notorious for. Professional companies usually have editors who ensure that clients receive polished and professionally presented content.
  • Mismatched or misspelled email domains - If the email claims to be from one company but is sent from another domain, you highly likely received a phishing email. For example, the scammers might be pretending to write on behalf of Facebook; however, the email address indicates the email was sent from the Yahoo.com domain. Also, watch out for misspellings in the domain name, like Faceb00k, where both "o" letters were replaced by a 0.

If you suspect that the email you received is a phishing email, do not respond. Instead, delete the email immediately.

If you received it to your company email address, report the email to the cybersecurity team or other responsible department in your organization. Above all, always remember to stay vigilant.


Alex T.

Alex T.


Tags: Cybersecurity Scams Phishing Email Social Media