Threat Management, Malware, Phishing

LinkedIn users getting phished to steal IDs

A new social engineering campaign is sending out emails purporting to come from LinkedIn in an attempt to dupe recipients into giving up personal information.

The phony message claims there is a security issue with the user's LinkedIn account and requests the target provide personally identifiable information (PII). The scam email informs recipients that it's just a “precautionary measure to defend you,” but prompts them to provide the requested information within 24 hours or service will be shuttered.

The scam was first detected by researchers at Heimdal Security, a Danish security company, who explained that the miscreants behind this campaign are after users' financial details, driving license and or passport data. The danger is that this PII can subsequently be used in identity theft capers.

One tipoff that the email is phony is the sender's email address – postmaster [@] – which bears no association with LinkedIn. In fact, according to the researchers, the URL is actually a WordPress site belonging to a Finnish citizen, which, they stated, was most likely usurped for the purpose of being employed in this phishing campaign.

Another red flag that should arouse suspicion is the fact that users are asked to upload PII – such as a driver's license or other government-issued photo identification – to a Dropbox account. 

A fake page even includes a legitimate-looking replication of a LinkedIn footer, though on close examination, the researchers detected giveaways: "The phishing email only includes the name of the targeted LinkedIn user in the footer, but not the recipient's current position, as secure emails from LinkedIn do," they wrote.

Heimdal concludes its report with a number of suggestions on how to report phishing scams, the tell-take signs users should look out for, and urged awareness so as to "be cautious about variations and new tactics that lure you into divulging private data or installing malware on your devices."

In related news, as LinkedIn and Skype are now both owned by Microsoft, there's been some conjecture that leaked LinkedIn passwords stolen in a breach in 2012 might be a factor in this phishing campaign as well as other recent spam campaigns with phony links from LinkedIn, Baidu and other domains that is hitting LinkedIn and Skype users.

The problem likely boils down to subscribers using the same password to login to multiple accounts. Security experts have long advised computer users against this practice and urge those who might be affected by a compromised site to change their password immediately.

This particular phishing threat mixes legitimate links with malicious ones, aiming to confuse the user who might be suspicious about the email's intent, Andra Zaharia, author of the report and the marketing and communication manager at Heimdal Security, told SC Media on Wednesday. "Of course, security savvy users will be able to rule this threat as phishing quite easily, but the rest might be tricked more easily. Playing the 'we need these details to keep you safe' card is nothing new, but the execution here is different in the way that it employs legitimate elements to confuse potential victims." 

In terms of volume, phishing is not showing any sudden changes in magnitude, Zaharia said. However, she added, when it comes to the sophistication level, things have changed in the past few years. "Phishing campaigns are now adapted to current events (in sports, politics, entertainment, etc.) and they leverage brand impersonation a lot more deftly. These campaigns are planned for in detail so as to lure potential victims into a state of trust or comfort, to get them clicking without thinking twice." 

As far as how average users, let alone IT administrators, can guard against phishing and other social engineering scams, Zaharia says education is key. "Getting the basics of cybersecurity right can be a lot more impactful than it may seem. Phishing mostly relies on social engineering and there's no better protection against that than knowing what a phishing email looks like and what its objective is." 

Protection against phishing attacks is as simple as not clicking the link and not replying to an email, she pointed out. 

Further, inaction is what can keep users safe here. "But, in order to achieve that, internet users, both at home and in companies, must find out that phishing exists, that it targets everyone and that its consequences are very real. And that's where we have our work cut out for us, the entire cybersecurity industry," she said. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.