Story image

LinkedIn Alert: Scammers use security update to phish for credentials

15 Jan 15

Symantec has observed an increase in phishing emails claiming to be from LinkedIn Support.

The body of the email claims that irregular activities have prompted a ‘compulsory security update’ for the recipients’ LinkedIn account.

Symantec says the email goes on to say that in order to secure their account, the recipient needs to download the attached form (an HTML attachment) and follow the instructions.

In the message, the website’s source has been modified so if the recipient uses this web page to sign in to their LinkedIn account, their credentials will be sent directly to the attacker.

The email uses a lowercase I instead of a capital i when spelling LinkedIn. Syamntec says the difference in characters is indiscernible to the eye and functions as a way to evade mail filters.

“The most important technique used here is the HTML attachment,” says Satnam Narang in a company blog post.

“This method bypasses browser blacklists that often flag suspicious websites to help prevent users from being phished.”

Symantec offers several blogs on how people can learn more about phishing attacks using HTML attachments.

The company recommends users should consider using the two step verification method.

“LinkedIn users should consider turning on two-step verification, a true security update that provides an extra layer of security,” says Narang.

“With two-step verification enabled, even if a user’s credentials are compromised, an attacker would not be able to login without having access to the user’s mobile phone.”

52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
New app conducts background checks on potential tenants
Landlords and house owners need to obtain a tenant’s full name, date of birth, email address, and mobile number in order to conduct the search. And most importantly, they have to get the tenant’s permission first.
GirlBoss wins 2018 YES Emerging Alumni of the Year Award
The people have spoken – GirlBoss CEO and founder Alexia Hilbertidou has been crowned this year’s Young Enterprise Scheme (YES) Emerging Alumni of the Year.
IDC: Standalone VR headset shipments grow 428.6% in 3Q18
The VR headset market returned to growth in 3Q18 after four consecutive quarters of decline and now makes up 97% of the combined market.
Meet Rentbot, the chatbot that can help with tenancy law
If you find yourself in a tricky situation  - or if you just want to understand your rights as a landlord or tenant, you can now turn to a chatbot for help.
PlayerUnknown’s Battlegrounds (PUBG) finally releases on PS4
PUBG on PS4 feels like it’s still in Early Access as the graphics look horribly outdated and the game runs poorly too. 
How AI can fundamentally change the business landscape
“This is an extremely interesting if not pivotal time to discuss how AI is being deployed and leveraged, both in business and at home.”
CERT NZ highlights rise of unauthorised access incidents
“In one case, the attacker gained access and tracked the business’s emails for at least six months. They gathered extensive knowledge of the business’s billing cycles."