MailGuard has intercepted a fraudulent email purporting to be from LinkedIn, a popular e-networking tool used by millions of professionals worldwide. This is a phishing email designed to harvest the confidential data of LinkedIn users for malicious intent, such as committing identity theft.
The email masquerades as an auto-generated notification informing recipients about a new message from another LinkedIn member. The body of the email is crafted in a manner that is similar to a legitimate alert from LinkedIn. It contains multiple branding elements belonging to the social media company, including its logo, along with various support links in a footer – likely included to boost the email’s legitimacy. A button is included, with a link to ‘view message’. The email actually originates from a compromised email account belonging to a public university based overseas.
Here’s what the email looks like:
Unsuspecting recipients who click on the link to ‘view message’ are led to a login page asking users for their LinkedIn account credentials, as per the below:
As you can see from the screenshot above, this page is designed to look like a legitimate login page belonging to LinkedIn. Interestingly, the domain used in the page’s URL doesn’t belong to the company. This is actually a phishing page hosted on pantheon.io, a SaaS website development platform.
Once users ‘sign in’ to LinkedIn by submitting their account credentials, the attacker harvests them for later use, and users are redirected back to the login page.
Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to exercise caution when opening messages, and to be extra vigilant against this kind of cyber-attack. If you see an email from LinkedIn, please make sure it is a legitimate communication before you open it. Please share this alert with your social media network to help us make the people aware of the threat.
This is a sinister scam as anyone falling victim to this scam will be vulnerable to having their LinkedIn account compromised and their identity stolen which can lead to serious repercussions. For instance, cybercriminals can impersonate the victim and use their account to launch further, targeted attacks against LinkedIn members connected with the victim. Credentials are also likely to be harvested for use in future cyber-attacks, for identity fraud and sold on the dark web.
With more than 660 million registered members worldwide, there’s a high likelihood that many of those that are receiving the email are LinkedIn subscribers and that a portion of those will be too time poor to check the details in the email. In fact, over the years, MailGuard has intercepted numerous LinkedIn-themed email scams, including in September 2019 and July 2018.
In addition, this email scam preys on LinkedIn’s large number users who use the social media network to connect with professionals on an everyday basis. By claiming there’s a new message for recipients, the email evokes curiosity among them, motivating them to click on the provided link to view the message as soon as possible.
Despite this, several red flags appear in the email that would make any eagle-eyed recipient conscious of its inauthenticity. Grammatical and formatting issues are visible in the email, especially within its footer.
How to tell if an email you’ve received is actually from LinkedIn?
LinkedIn lists the following advice on its support page:
Fraudsters may use a practice called phishing to try to obtain your sensitive data such as usernames, passwords, and credit card information. These fraudsters impersonate legitimate companies or people, sending emails and links that attempt to direct you to false websites, or infect your computer with malware. LinkedIn will never ask you for your password or ask you to download any programs.
Important: LinkedIn has several email domains, which are determined by our email service provider (ESP). We can assure you that emails from email@example.com and firstname.lastname@example.org are not phishing emails.
Possible warning signs of a phishing message:
- Messages containing bad spelling, grammar, and that aren't addressed to you personally.
- Messages asking you to act immediately.
- Messages asking you to open an attachment to install a software update.
To report phishing emails you've received, please forward the suspicious email to email@example.com
More information can be found here.
As a precaution, MailGuard urges you not to click links within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from, and
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
One email is all that it takes
All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.
Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.