Phishing attack seeks LinkedIn logins

Thursday 15 January 2015 11:00 CET | News

Symantec has spotted an uptick in phishing e-mails that purport to come from LinkedIn support and attempt to steal users’ account credentials.

The e-mails warn potential victims of “irregular activities” on their account and say a compulsory security update is required. The e-mails include an html attachment that purports to be a form for performing the update.

The html file is actually a copy of LinkedIn’s website and login page. But the website code in the file has been modified, so if a user logs in, their account credentials are sent to the attackers.

Users are guided to enable two-step verification on their account. If that’s enabled, LinkedIn sends a one-time passcode over SMS that is required to complete logging into an account. Even if the attackers gain a person’s login credentials, they could not take over an account.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: phishing, e-mails, scams, cybercriminals, web fraud, online security, LinkedIn, login, digital identity
Categories: Fraud & Financial Crime
Countries: World
This article is part of category

Fraud & Financial Crime

Industry Events