A new LinkedIn social engineering scam has been uncovered by researchers at Heimdal Security. It attempts to trick LinkedIn users into handing over their personal information.
The attackers have been attempting to obtain access to users’ financial data together with identity documents, e.g. passport and driver’s license numbers, which can then be exploited in order to commit identity theft.
A rather common social engineering technique, designed to frighten the targeted persons into responding, is being used. The emails allege that there is a security problem with the LinkedIn user’s account that has to be rectified immediately. As in other scams of this type, the victim is given the impression that the matter is urgent: users are told that they must respond within the next 24 hours to guarantee that their account will not be blocked.
Although many internet scams are rather sophisticated, this particular LinkedIn social engineering scam is actually relatively simple to spot. There are several indicators that the emails are bogus.
The first thing which should raise suspicion is that the email is not sent from the LinkedIn domain, even though it does include some LinkedIn logos that have been taken from real LinkedIn emails. The emails are being sent from the postmaster account at pnotify.com rather than LinkedIn.com. It is thought that the attackers compromised the domain. Despite warnings, many people fail to check the address of an email’s sender before replying, so long as the email body appears to contain official branding.
According to Heimdal Security, the second indicator that the email is false is that it includes the name of the target user in the footer, but neglects to include the recipient’s current position, as all genuine emails from LinkedIn do.
The most obvious indicator that the email is bogus, however, is that users are requested, in order to correct the supposed security issue, to upload some of their personal documents. The victims are asked to submit their driver’s licence or passport in order to secure their accounts. There is no reason for these documents to be uploaded to LinkedIn. In this scam, the documents are in fact uploaded to a Dropbox account.
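The indicators above (an off-brand sender domain, a 24-hour deadline, a request for identity documents, and an upload link pointing at a file-sharing site rather than at LinkedIn) can be turned into a simple mail-filtering check. The following Python is an added example written for this article; it is not code from Heimdal Security or LinkedIn. The sample message is constructed for the example (only the pnotify.com sender is taken from the article), and the brand domain list and the keyword patterns are assumptions to be tuned for the brands your users actually receive mail from. The second indicator, a footer that names the recipient without their current position, is specific to LinkedIn's template and is not modelled here.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real message: it reproduces the indicators the
# article lists (off-brand sender, 24-hour deadline, request for identity
# documents, upload link pointing at a file-sharing site).
SAMPLE_SCAM_EMAIL = """\
From: LinkedIn Security <postmaster@pnotify.com>
To: Jane Doe <jane.doe@example.com>
Subject: Security issue with your LinkedIn account

Dear Jane Doe,

We detected a security problem with your account. You must respond within
24 hours or your account will be blocked. To secure your account, upload a
copy of your passport or driver's licence here:
https://www.dropbox.com/request/EXAMPLE-ID

LinkedIn Security Team
"""

# Domains a genuine LinkedIn notification is expected to come from and link to.
# Assumption for this example; extend it for other brands you want to protect.
BRAND_DOMAINS = {"linkedin.com"}

# Keyword patterns are assumptions chosen to match the cues described in the article.
URGENCY_PATTERNS = [
    r"\bwithin\s+(?:the\s+next\s+)?\d+\s+hours?\b",
    r"\baccount will be (?:blocked|suspended|closed)\b",
    r"\bimmediately\b",
]
IDENTITY_DOCUMENT_PATTERNS = [
    r"\bpassport\b",
    r"\bdriver'?s\s+licen[cs]e\b",
    r"\bidentity\s+(?:document|card)\b",
]
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)


def _in_brand_domain(host: str) -> bool:
    """True if host is one of the brand domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)


def _any_match(patterns, text: str) -> bool:
    return any(re.search(p, text, re.IGNORECASE) for p in patterns)


def _plain_text(msg) -> str:
    """Concatenate the text/plain parts of a parsed message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def check_email(raw: str) -> dict:
    """Evaluate an RFC 822 message string against the scam indicators.

    Returns the sender domain, a dict of indicator -> bool, and a score
    (the number of indicators that fired).
    """
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    body = _plain_text(msg)
    text = msg.get("Subject", "") + "\n" + body
    link_hosts = URL_HOST_RE.findall(body)

    indicators = {
        "sender_not_brand_domain": not _in_brand_domain(sender_domain),
        "urgent_deadline": _any_match(URGENCY_PATTERNS, text),
        "requests_identity_documents": _any_match(IDENTITY_DOCUMENT_PATTERNS, text),
        "off_brand_upload_link": any(not _in_brand_domain(h) for h in link_hosts),
    }
    return {
        "sender_domain": sender_domain,
        "indicators": indicators,
        "score": sum(indicators.values()),
    }


if __name__ == "__main__":
    result = check_email(SAMPLE_SCAM_EMAIL)
    print("sender domain:", result["sender_domain"])
    for name, hit in result["indicators"].items():
        print(f"  [{'x' if hit else ' '}] {name}")
    print("score:", result["score"])
```

Run against the constructed scam message, all four indicators fire and the sender domain resolves to pnotify.com; a genuine notification sent from and linking to linkedin.com, with no deadline and no request for documents, scores zero. A single indicator is weak evidence on its own (legitimate mail can mention a deadline), so a filter would typically quarantine or flag for review only when the score crosses a threshold, and the brand domain list must cover every domain the brand legitimately sends from to avoid false positives.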
Any person who has a basic understanding of internet security should recognise that the emails are a LinkedIn social engineering scam. Sadly, many people do not have basic security knowledge. This scam usually impacts individuals, but many criminals target companies in order to obtain corporate user details.
The task for IT administrators is to verify that all employees have been provided with suitable security training, have been taught how to recognise phishing scams, and have been instructed never to reveal personal or company information without first verifying the email.