Hoax-Slayer is warning of new phishing emails targeting LinkedIn users, which aim to trick recipients into clicking on a link by claiming that their LinkedIn accounts have been blocked due to inactivity.
“To ensure that your online services with LinkedIn will no longer be interrupted / You will be asked to log into your account to confirm this email address,” the phishing email states. “Be sure to log in with your current primary email address.”
Recipients who click on the link in the email are taken to a fraudulent LinkedIn login page designed to harvest email addresses and passwords.
“Claiming that account details require updating is a favorite scam ruse,” Hoax-Slayer notes. “Be wary of any message that makes such a request. If you receive such a message, do not click any links or open any attachments that it contains.”
LinkedIn offers advice on how to respond to and report phishing emails.
Pentura managing director Steve Smith told Infosecurity that LinkedIn users should always be wary of any unsolicited emails claiming to come from the company. “LinkedIn is obviously a rich source of personal information which can be exploited for further social engineering attacks, which could prove costly both to the individuals and the organizations concerned,” he said.
“Phishing emails continue to be the most common source for social engineering attacks and this further highlights why being vigilant against such hacks is of critical importance,” Smith added.
LinkedIn has long been a target of these types of attacks.
In September of 2010, LinkedIn members were hit by spam e-mails posing as LinkedIn connection requests — recipients who clicked on the links in the emails were redirected to websites that installed Zeus malware on the victims’ PCs.
Trusteer researchers warned of similar attacks in June of 2011 — a Trusteer survey at the time found that 68 percent of enterprise users who receive a fake LinkedIn message are likely to click on it.
eSecurity Planet has put together a page of advice on how to secure social media accounts, from user education to two-factor authentication.