LinkedIn phishing emails surface

By

Bad guys would 'drool' over potential stolen LinkedIn intel.

Phishing emails already appear to be exploiting the recent mammoth password breach affecting LinkedIn.

LinkedIn phishing emails surface

Users have reported receiving phishing emails ostensibly from LinkedIn that request and purport to link to password reset facilities. 

Credit: ESET
Credit: ESET

Victims clicking the links were instead sent to a fake online pharmacy store.

Millions of LinkedIn user passwords were stolen and posted online and were now being cracked.

More than 70 per cent of the estimated 5.8 million exposed passwords were reported to be cracked at the time of writing, including more than a million eHarmony passwords contained in the same data cache.

Password resets have been made for affected LinkedIn and eHarmony accounts, making any phishing emails laced with would-be security messages more likely to be opened.

However it could not be yet determined if the phishing email had predated the password breach.

“Because similar emails have been circulating for some time it is hard to say if this is an example of a coordinated scam designed to leverage the security breach made public today, or simply a coincidence,” ESET security researcher Cameron Camp said.

“Sadly, we are likely to see more of these emails as LinkedIn tries to rebuild trust among members.”

Camp said if the offenders could tie usernames to passwords – which they likely could given the theft of the passwords – they would have a level of “business intelligence about an individual [that] bad actors alike drool over”.

ESET was investigating the phishing emails. Camp said users should not verify their information through hyperlinks at “LinkedIn or on any other membership site”.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
eharmonylinkedinpasswordsphishingsecurity

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?