LinkedIn phishing scam steals user credentials

By on
LinkedIn phishing scam steals user credentials

A wave of emails, supposedly sent by LinkedIn Support, have been linked to scammers who are attempting to steal credentials from members of the networking service.

On Wednesday US time, Satnam Narang, senior security response manager at Symantec, wrote about the phishing campaign observed over the past week.

Narang warned that the spurious emails contain HTML attachments, which supposedly instruct users on how to carry out a “security update.” Instead, opening the attachment leads to a website, which looks like a legitimate LinkedIn login page, he said.

Attackers modified the website's source, so that credentials entered are sent “directly to the attacker”, he explained.

Symantec noted that scammers used HTML attachments in order to bypass browser blacklists, which serve to keep users off phishing websites. Narang recommended that users implement LinkedIn's two-step verification for improved login security.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

The channel is a juicy hacking target - are you improving security?
YES - recent attacks on MSPs spurred us to action
YES - we're ALWAYS improving our security stance
YES - we've noticed new forms of attack
NO - we're confident our past efforts are enough, but are always vigilant
NO - we don't see the need for change at this time
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?