LinkedIn phishing emails surface

Powered by SC Magazine
 

Bad guys would 'drool' over potential stolen LinkedIn intel.

Phishing emails already appear to be exploiting the recent mammoth password breach affecting LinkedIn.

Users have reported receiving phishing emails ostensibly from LinkedIn that request and purport to link to password reset facilities. 

Credit: ESET
Credit: ESET

Victims clicking the links were instead sent to a fake online pharmacy store.

Millions of LinkedIn user passwords were stolen and posted online and were now being cracked.

More than 70 per cent of the estimated 5.8 million exposed passwords were reported to be cracked at the time of writing, including more than a million eHarmony passwords contained in the same data cache.

Password resets have been made for affected LinkedIn and eHarmony accounts, making any phishing emails laced with would-be security messages more likely to be opened.

However it could not be yet determined if the phishing email had predated the password breach.

“Because similar emails have been circulating for some time it is hard to say if this is an example of a coordinated scam designed to leverage the security breach made public today, or simply a coincidence,” ESET security researcher Cameron Camp said.

“Sadly, we are likely to see more of these emails as LinkedIn tries to rebuild trust among members.”

Camp said if the offenders could tie usernames to passwords – which they likely could given the theft of the passwords – they would have a level of “business intelligence about an individual [that] bad actors alike drool over”.

ESET was investigating the phishing emails. Camp said users should not verify their information through hyperlinks at “LinkedIn or on any other membership site”.

Copyright © SC Magazine, Australia


LinkedIn phishing emails surface
 
 
 
Top Stories
Time management tips for CIOs
[Blog post] How to get to the genba.
 
Making a case for collaboration
[Blog post] Tap into your company’s people power.
 
Five zero-cost ways to improve MySQL performance
How to easily boost MySQL throughput by up to 5x.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  69%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  10%
 
Denial of service attacks
  6%
 
Insider threats
  11%
TOTAL VOTES: 1109

Vote