SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Phishing emails harvest personal details from LinkedIn members
Mon, 28th Jun 2021

MailGuard has intercepted phishing emails designed to harvest personal details from LinkedIn members.

Fraudulent emails claiming to be from LinkedIn have been detected by cybersecurity company MailGuard and are likely intended for malicious purposes, such as identity theft.

The email poses as an auto-generated notification informing recipients of a new message from another LinkedIn member. The body of the email is designed to be very similar to a legitimate alert from LinkedIn and contains multiple branding elements belonging to the social media company, including its logo, along with various support links in a footer. The email includes a View Message button.

The email originates from a compromised email account belonging to a public university based overseas.

Unsuspecting recipients who click the View Message link are sent to a login page asking for their LinkedIn account credentials. The page is designed to look like a legitimate LinkedIn login page, but is actually a phishing page hosted on a SaaS website development platform.

If users sign in to the false LinkedIn page, the attacker harvests their credentials for later use, and users are redirected back to the login page.
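The two mismatches in the message described above (a sender domain that is not LinkedIn's, and a View Message button whose link leaves LinkedIn) can be checked mechanically at the gateway. The following is an added example, not MailGuard's or LinkedIn's code: the sample message, the sender and link hostnames, and the assumption that linkedin.com is the only legitimate domain are all constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption for this example: the only domains LinkedIn mail and links legitimately use.
LINKEDIN_DOMAINS = ("linkedin.com",)

# Constructed sample: "LinkedIn" display name, sender at an unrelated university
# domain, and a "View Message" button pointing at a site-builder host (not real).
SAMPLE_EML = """From: LinkedIn <notifications@example-university.example>
Subject: You have 1 new message
Content-Type: text/html; charset=utf-8

<html><body><p>You have a new message from a connection.</p>
<a href="https://login-portal.sitebuilder.example/linkedin">View Message</a>
<a href="https://www.linkedin.com/help">Help Center</a></body></html>
"""

# Good enough for this constructed body; a production filter should use a real HTML parser.
ANCHOR_RE = re.compile(r'<a\b[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def belongs_to(host, domains):
    """True for an exact listed domain or a subdomain of one."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)

def brand_mismatch_findings(raw_message, brand="linkedin", domains=LINKEDIN_DOMAINS):
    """Return findings when the From display name claims `brand` but the
    sender domain, or any link in the HTML body, does not belong to it."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    display, address = parseaddr(msg["From"] or "")
    sender_domain = address.rsplit("@", 1)[-1].lower()
    findings = []
    if brand in display.lower() and not belongs_to(sender_domain, domains):
        findings.append(f"sender domain {sender_domain} is not {brand}")
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    for href, text in ANCHOR_RE.findall(html):
        host = urlparse(href).hostname
        if not belongs_to(host, domains):
            findings.append(f"link '{text.strip()}' points to {host}")
    return findings
```

Running `brand_mismatch_findings(SAMPLE_EML)` flags both the university sender domain and the View Message link while leaving the genuine Help Center link alone.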

“Although we are stopping this email scam from reaching Australian businesses, we encourage all users to exercise caution when opening messages,” says MailGuard.

“And be extra vigilant against this kind of cyber-attack. If you see an email from LinkedIn, please make sure it's a legitimate communication before you open it.”

MailGuard says anyone falling victim to this scam will be vulnerable to having their LinkedIn account compromised and their identity stolen, which can lead to serious repercussions. For instance, cybercriminals could impersonate the victim and use their account to launch further, targeted attacks against LinkedIn members connected with the victim. It says credentials are also likely to be harvested for use in future cyber-attacks and identity fraud, and sold on the dark web.

LinkedIn has more than 660 million registered members worldwide, so there's a good chance many who receive the email are LinkedIn subscribers, and a portion of those will be too time-poor to check the details in the email.

Cybercriminals are aware of this, which is why they regularly impersonate well-known brands like LinkedIn in their scams. Over the years, MailGuard has intercepted numerous LinkedIn-themed email scams, including in September 2019 and July 2018.

LinkedIn lists possible warning signs to detect a phishing message on its support page:

  • Messages containing bad spelling or grammar, and that aren't addressed to you personally.
  • Any messages asking you to act immediately.
  • A message asking you to open an attachment to install a software update.