LinkedIn phishing scam steals user credentials

By on
LinkedIn phishing scam steals user credentials

A wave of emails, supposedly sent by LinkedIn Support, have been linked to scammers who are attempting to steal credentials from members of the networking service.

On Wednesday US time, Satnam Narang, senior security response manager at Symantec, wrote about the phishing campaign observed over the past week.

Narang warned that the spurious emails contain HTML attachments, which supposedly instruct users on how to carry out a “security update.” Instead, opening the attachment leads to a website, which looks like a legitimate LinkedIn login page, he said.

Attackers modified the website's source, so that credentials entered are sent “directly to the attacker”, he explained.

Symantec noted that scammers used HTML attachments in order to bypass browser blacklists, which serve to keep users off phishing websites. Narang recommended that users implement LinkedIn's two-step verification for improved login security.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

What's your top marketing tactic for 2020?
Long lunches with customers and prospects
Content marketing to drive website visits
Social media
More use of CRM
Word of mouth
Online ads
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?