LinkedIn phishing emails surface

Powered by SC Magazine
 

Bad guys would 'drool' over potential stolen LinkedIn intel.

Phishing emails already appear to be exploiting the recent mammoth password breach affecting LinkedIn.

Users have reported receiving phishing emails ostensibly from LinkedIn that request and purport to link to password reset facilities. 

Credit: ESET
Credit: ESET

Victims clicking the links were instead sent to a fake online pharmacy store.

Millions of LinkedIn user passwords were stolen and posted online and were now being cracked.

More than 70 per cent of the estimated 5.8 million exposed passwords were reported to be cracked at the time of writing, including more than a million eHarmony passwords contained in the same data cache.

Password resets have been made for affected LinkedIn and eHarmony accounts, making any phishing emails laced with would-be security messages more likely to be opened.

However it could not be yet determined if the phishing email had predated the password breach.

“Because similar emails have been circulating for some time it is hard to say if this is an example of a coordinated scam designed to leverage the security breach made public today, or simply a coincidence,” ESET security researcher Cameron Camp said.

“Sadly, we are likely to see more of these emails as LinkedIn tries to rebuild trust among members.”

Camp said if the offenders could tie usernames to passwords – which they likely could given the theft of the passwords – they would have a level of “business intelligence about an individual [that] bad actors alike drool over”.

ESET was investigating the phishing emails. Camp said users should not verify their information through hyperlinks at “LinkedIn or on any other membership site”.

Copyright © SC Magazine, Australia


LinkedIn phishing emails surface
 
 
 
Top Stories
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
Immigration breached Privacy Act with data leak
Pilgrim slams "copy and paste" of asylum seeker data.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 841

Vote