January 20th 2015
Symantec has warned about a new wave of phishing emails, this time purporting to be sent from the support team at LinkedIn. According to the internet security company, the emails have the ability to evade spam filters, and employees should be warned to keep a lookout for them and not open attachments or click on embedded links.
A typical email – which may be received by either a business or an individual, reads:
“Due to irregular activities your Linkedln account has been subjected to compulsory security update. Linkedln may sometimes deny logins in cases where we believe the account could have been compromised.
To do this we developed a new secure way that keeps your account safe. we have attached a form to this email to complete the process. Please, download and follow the instructions on your screen.
The email contains an attachment which is a copy of the genuine LinkedIn webpage. However, the website’s source has been modified to enable fraudsters to hijack user credentials if this page is used to enter login details. In turn, they can impersonate genuine LinkedIn user and potentially abuse established business relationships to commit fraud and damage business reputions. This is effectively a form of identity theft.
The emails are convincingly compiled by some use a lower case 'i' in the name 'LinkedIn', but the error is difficult to spot to the unsuspecting eye.
Avoid scam LinkedIn emails
Take advantage of LinkedIn's two-step verification which provides an additional security layer. Here's how. Start by going to your LinkedIn page:
1. Move your cursor over your profile photo at the upper right of your homepage and select Privacy & Settings. For verification purposes, you may need to sign in again.
2. Click the Account side tab by the shield icon towards the bottom of the page and select Manage security settings.
3. Click Turn On under the Two-step verification section.
4. Enter your cell phone number to receive a verification code.
5. Click Send Code.
6. Once you receive the code sent to your phone, enter it into the box on the device you're using to sign.
7. Click Verify.
8. Click Done.
More information is available at LinkedIn's help centre.
If you are a victim of fraud you can call Action Fraud on 0300 123 2040 or via their online fraud reporting tool at www.actionfraud.police.uk and receive a police crime reference number.