UK police are warning LinkedIn users not to fall for another phishing scam designed to trick them into divulging log-in details for the professional social network.
National fraud and internet crime reporting centre Action Fraud released an alert on Thursday claiming that the scam emails had been spotted in the wild purporting to come from LinkedIn.
They claim that the recipient’s account has been blocked due to inactivity and require them to click a link to confirm email address and restore access.
However, the link will actually take that user to a fake LinkedIn log-in page via which the scammers can harvest victims’ access credentials, according to Hoax Slayer – the site that first spotted the scam.
“Criminals can collect your LinkedIn login credentials and use them to access your account. Once there, they can use the service to launch ongoing spam and scam campaigns in your name,” it said.
“Claiming that account details require updating is a favourite scam ruse. Be wary of any message that makes such a request. If you receive such a message, do not click any links or open any attachments that it contains.”
This isn’t the first such phishing campaign aimed at LinkedIn users and it certainly won’t be the last. Given the nature of the site cybercriminals can gain access to a treasure trove of corporate information with which to launch additional info-stealing attacks at enterprises.
A couple of years ago, security firm Commtouch warned of fake invitations and message notifications containing links to compromised sites, for example.
LinkedIn has sometimes been its own worst enemy.
Over six million user passwords were thought to have been leaked online in Russia in 2012 after a data breach at the firm.
Steve Smith, managing director of data security firm Pentura, urged LinkedIn users to resist the urge to click any suspicious looking links if they receive an unsolicited email purporting to come from the company.
“LinkedIn is obviously a rich source of personal information which can be exploited for further social engineering attacks, which could prove costly both to the individuals and the organisations concerned,” he added.
“Phishing emails continue to be the most common source for social engineering attacks and this further highlights why being vigilant against such hacks is of critical importance.”