Phishing emails harvest personal details from LinkedIn members

MailGuard has intercepted phishing emails designed to harvest personal details from LinkedIn members. Fraudulent emails claiming to be from LinkedIn, have been detected by cybersecurity company, MailGuard, and are likely for malicious intent, such as committing identity theft. The email poses as an auto-generated notification informing recipients of a new message from another LinkedIn member. The body of the email is designed to be very similar to a legitimate alert from LinkedIn and contains multiple branding elements belonging to the social media company, including its logo, along with various support links in a footer. The email includes a View Message button. The email originates from a compromised email account belonging to a public university based overseas. Unsuspecting recipients who click the View Message link are sent to a login page asking for their LinkedIn account credentials. The page is designed to look like a legitimate LinkedIn login page, but is actually a phishing page hosted on a SaaS website development platform. If users sign in to the false LinkedIn page, the attacker harvests their credentials for later use, and users are redirected back to the login page. “Although we are stopping this email scam from reaching Australian businesses, we encourage all…
Read More