LinkedIn phishing scam steals user credentials

By on
LinkedIn phishing scam steals user credentials

A wave of emails, supposedly sent by LinkedIn Support, have been linked to scammers who are attempting to steal credentials from members of the networking service.

On Wednesday US time, Satnam Narang, senior security response manager at Symantec, wrote about the phishing campaign observed over the past week.

Narang warned that the spurious emails contain HTML attachments, which supposedly instruct users on how to carry out a “security update.” Instead, opening the attachment leads to a website, which looks like a legitimate LinkedIn login page, he said.

Attackers modified the website's source, so that credentials entered are sent “directly to the attacker”, he explained.

Symantec noted that scammers used HTML attachments in order to bypass browser blacklists, which serve to keep users off phishing websites. Narang recommended that users implement LinkedIn's two-step verification for improved login security.

This article originally appeared at

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Log In

Username / Email:
  |  Forgot your password?