Thursday, June 7, 2012

LinkedIn phishing attacks follow password leaks

Around the same time LinkedIn confirmed reports that user passwords had been compromised, and urged users to update their passwords, the email phishing attacks began.

On Wednesday, security firms reported that approximately 6.5 million LinkedIn passwords were posted to a Russian hacker website, along with at least 1.5 million passwords belonging to eHarmony members. On Thursday, Internet radio website Last.fm reported that passwords for its site had been compromised as well. All three sites urged users to update their passwords immediately, which unfortunately creates a prime atmosphere of panic for the right phishing scam.

Emails claiming to come directly from LinkedIn, which several digital security firms have identified as scams, asked recipients to click or cut-and-paste an enclosed URL into their Internet browser to confirm their email address.

"We are investigating the exact details but in the meantime please DO NOT CLICK on links in email to change or verify account information, at LinkedIn.com or on any other membership site," warned Cameron Camp, security researcher at ESET. "Instead, navigate to the site directly by typing in the address bar in your browser."

In the emails reviewed by ESET, the link that reads "Click here to confirm your email address" leads to an illegal online pharmacy.

Scammers often take advantage of headline-grabbing news to trick people into clicking a link, through both emails and social networks such as Facebook and Twitter. Such scams can trick victims into visiting websites, providing access to online accounts or downloading viruses to their computers.

When exactly the LinkedIn email phishing scam started is not clear. "Because similar emails have been circulating for some time it is hard to say if this is an example of a coordinated scam designed to leverage the security breach made public today, or simply a coincidence (like getting a phishing email asking you to reset your Bank of America online banking password two days after you opened an account there)," Camp wrote on the ESET blog.

As with the phishing emails claiming to be from LinkedIn, be on the lookout for similar emails demanding confirmations and changes on your eHarmony and Last.fm accounts.

Helen A.S. Popkin goes blah blah blah about Internet privacy, then asks you to join her Twitter and/or Facebook. Also, Google+. Because that's how she rolls.
