IT Brief New Zealand - Technology news for CIOs & IT decision-makers
New Zealand
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
internet of things
#
work from home
Search
Story image
#
Cybersecurity
#
Email Security
#
Phishing
LinkedIn Alert: Scammers use security update to phish for credentials
Thu, 15th Jan 2015
FYI, this story is more than a year old
Author image
By Shannon Williams, Journalist
Follow us

Symantec has observed an increase in phishing emails claiming to be from LinkedIn Support.

The body of the email claims that irregular activities have prompted a ‘compulsory security update' for the recipients' LinkedIn account.

Symantec says the email goes on to say that in order to secure their account, the recipient needs to download the attached form (an HTML attachment) and follow the instructions.

In the message, the website's source has been modified so if the recipient uses this web page to sign in to their LinkedIn account, their credentials will be sent directly to the attacker.

The email uses a lowercase I instead of a capital i when spelling LinkedIn. Syamntec says the difference in characters is indiscernible to the eye and functions as a way to evade mail filters.

“The most important technique used here is the HTML attachment,” says Satnam Narang in a company blog post.

“This method bypasses browser blacklists that often flag suspicious websites to help prevent users from being phished.

Symantec offers several blogs on how people can learn more about phishing attacks using HTML attachments.

The company recommends users should consider using the two step verification method.

“LinkedIn users should consider turning on two-step verification, a true security update that provides an extra layer of security,” says Narang.

“With two-step verification enabled, even if a user's credentials are compromised, an attacker would not be able to login without having access to the user's mobile phone.

Related stories
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption
Half of online traffic in 2024 generated by bots, report finds
Keeper Security launches user-friendly passphrase generator
Cisco launches Hypershield for AI-driven security upgrade
Axis unveils hybrid cloud platform for adaptable security solutions
Top stories
Intel reshuffles Asia Pacific leadership to boost business growth
Coalition integrates cyber risk platform with top cloud services providers
Sapia Labs presents 'revolutionary' AI research at SIOP conference
Armis warns of major cyber-attack risk to 2024 global elections
Scality & Ingram Micro partner for market distribution of ARTESCA