10,000 LinkedIn users targeted in spear phishing attack

Powered by SC Magazine
 

A LinkedIn "spear phishing" email scam loaded malicious software to steal usernames and passwords.

Ten thousand users of LinkedIn, a social networking site for professionals, were recently targeted in a “spear phishing” email scam trying to lure them into downloading a malicious software attachment.

In a blog post Wednesday, Brian Krebs of the Washington Post, who first reported the story, said recipients of the email were addressed by name, which lent the email an air of authenticity.

What sets spear phishing attacks apart from traditional malware attacks is that the sender includes information about the intended target in hopes of lending even more legitimacy to the email, David Marcus, director of security research and communications for McAfee Avert Labs, told SCMagazineUS.com Thursday.

The message was sent from the address “support[at]linkedin[dot]com” with a subject line of “Re: business contact.”

The email read: “We managed to export the list of business contacts you have asked for.”  The message then directed the recipient to open an attachment that was supposedly a list of business contacts that the user requested. In reality, it loaded malicious software to steal data such as usernames and passwords from the victim's computer.

According to Marcus, the success rate of spear phishing attacks is significantly higher than that of traditional malicious attacks. Most people have received some sort of spam or phishing message reading “Dear banking customer” and deleted it. But not many people have gotten an email specifically addressed to them, he said.

“The likelihood that you're going to think it's real is certainly going to go up,” Marcus said.

To pull off an attack like this, fraudsters must already have obtained a certain amount of information about their targets, Marcus said.

Generally, an attacker would have acquired a database of information with names, email addresses and other identifying information either through a previous hack or having bought the information from cybercrime markets, he said.

The attacker would use that information to craft a legitimate-looking email directed to their target.

“It's certainly troubling that the person who instigated the attack had 10,000 people's pieces of information,” Marcus said.

Attackers are targeting the users of social networking sites such as LinkedIn because members are used to receiving emails from the site.

Marcus recommended that users who receive the phishing email monitor their bank and credit statements, because receiving it means that someone already has some information about them.

Krista Canfield, spokeswoman for LinkedIn, told SCMagazineUS.com Thursday that the emails were not sent by LinkedIn.

"LinkedIn never advocates that its users be 'open networkers,'" Canfield said in an email. "In fact it can be downright dangerous. We always advocate that our users keep their network tightly knit. Users should only connect to people that they know and trust or people that they have actually met and worked with before."

See original article on scmagazineus.com

Copyright © SC Magazine, US edition

