Akankasha Dewan 03 September 2019 17:32:39 AEST

'New message' email supposedly sent via LinkedIn leads to a phishing page

LinkedIn is a beloved e-networking tool used by millions of professionals worldwide – so naturally, it’s a great tool in a cybercriminal’s arsenal as it widens his or her victim pool significantly.

MailGuard intercepted a phishing email purporting to be from the social media giant earlier this afternoon (AEST). The email infiltrated inboxes using the display name ‘LinkedIn’.

The body of the email is crafted in a manner that’s similar to a legitimate notification from LinkedIn. It starts off by saying that a new message has been sent to the recipient, and invites him or her to ‘start a conversation’. A photo, supposedly of the sender’s LinkedIn profile, is included. A link is also provided for the reader to ‘Read Message’.

Here is a screenshot of the email:

[Screenshot: the phishing email]

Unsuspecting recipients who click on the link to ‘read message’ are led to a phishing page designed to look like a legitimate LinkedIn login page, as per the below.

[Screenshot: the fake LinkedIn login page]

Upon ‘signing in’, users are redirected to the actual LinkedIn login page.

This is a phishing email designed to harvest the confidential data of LinkedIn users for malicious intent, such as committing identity theft.

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and, whatever happens, not to respond to it.

This email scam preys on LinkedIn’s large number of users who use the social media network to connect with professionals on an everyday basis. By claiming there’s a new message for recipients, the email evokes curiosity among them, motivating them to click on the provided link to view the message as soon as possible. Several techniques have also been employed to boost the legitimacy of the email. These include high-quality branding elements (such as LinkedIn's logo) in the phishing page.

Despite this, several red flags appear in the email that would make any eagle-eyed recipient conscious of its inauthenticity. Formatting errors such as multiple spacing issues are clearly visible in the email.

To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:

  • Appear to be from a well-known organisation, typically a bank or service provider, but are not addressed to you by name and may include poor grammar.
  • Ask you to click on a link within the email body in order to access their website. If unsure, call the company directly and ask whether the email is legitimate.
  • Offer money, a reward or a gift to entice you to hand over your personal details.
  • Ask you to submit personal information that the sender should already have access to or should not be requesting from you in the first place.
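
The two mismatches this scam relies on, a 'LinkedIn' display name on a non-LinkedIn sender address and a 'Read Message' link that leaves LinkedIn's domain, can also be checked mechanically. The Python sketch below is an added example, not MailGuard's code; the brand allowlist, the function names and the sample message are constructed assumptions, and it handles only a single-part HTML message.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the brand legitimately sends from and links to.
BRAND_DOMAINS = {"linkedin": {"linkedin.com"}}

def in_domains(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkCollector(HTMLParser):
    """Collects the hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href") or ""
            self.hosts.append(urlsplit(href).hostname)

def brand_mismatches(raw):
    """Return (kind, domain) findings for a brand named in the display name."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in display.lower():
            continue  # display name does not claim this brand
        sender_domain = addr.rpartition("@")[2]
        if not in_domains(sender_domain, domains):
            findings.append(("display-name", sender_domain))
        parser = LinkCollector()
        parser.feed(msg.get_payload())  # single-part body is a str
        for host in parser.hosts:
            if host and not in_domains(host, domains):
                findings.append(("link", host))
    return findings

# Constructed sample message (not the intercepted email).
SAMPLE = """From: LinkedIn <notify@mailer.example>
Subject: New message
Content-Type: text/html; charset=utf-8

<p>You have a new message. Start a conversation.</p>
<a href="https://login.phish.example/linkedin.com/signin">Read Message</a>
<a href="https://www.linkedin.com/help">Help</a>
"""
```

A brand string placed in the URL path, as in the sample link, does not satisfy the check because only the hostname is compared.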

 

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.

Talk to an expert at MailGuard today about making your company's network secure: click here.
