If you receive an email from LinkedIn notifying you of a new message, think twice before clicking, MailGuard has warned.
The email is actually a phishing email designed to harvest your confidential information and could lead to identity theft.
MailGuard said the email masquerades as an auto-generated notification informing you about a new message from another LinkedIn member.
The body of the email is crafted in a manner that is similar to a legitimate alert from LinkedIn - making it hard to identify.
It contains multiple branding elements belonging to the social media company, including its logo, along with various support links in a footer – likely included to boost the email’s legitimacy.
A button is included, with a link to ‘view message’. The email actually originates from a compromised email account belonging to a public university based overseas.
Unsuspecting recipients who click on the link to ‘view message’ are led to a login page asking users for their LinkedIn account credentials.
“This page is designed to look like a legitimate login page belonging to LinkedIn. Interestingly, the domain used in the page’s URL doesn’t belong to the company,” MailGuard said.
“This is actually a phishing page hosted on pantheon.io, a SaaS website development platform.”
MailGuard warns that once users ‘sign in’ on the fake page by submitting their LinkedIn account credentials, the attacker harvests those details for later use and the users are simply redirected back to the login page.
“Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to exercise caution when opening messages, and to be extra vigilant against this kind of cyber-attack,” MailGuard said.
“If you see an email from LinkedIn, please make sure it is a legitimate communication before you open it.”
MailGuard said this scam is particularly bad because of the impact it could have on its victims.
“This is a sinister scam as anyone falling victim to this scam will be vulnerable to having their LinkedIn account compromised and their identity stolen which can lead to serious repercussions,” MailGuard said.
“For instance, cybercriminals can impersonate the victim and use their account to launch further, targeted attacks against LinkedIn members connected with the victim. Credentials are also likely to be harvested for use in future cyber-attacks, for identity fraud and sold on the dark web.”
How to determine if your LinkedIn email is legitimate
Although this scam has gone to great lengths to look real, several red flags appear in the email that would alert an eagle-eyed recipient that it is not authentic.
Grammatical and formatting issues are visible in the email, especially within its footer.
On its support page, LinkedIn said: Fraudsters may use a practice called phishing to try to obtain your sensitive data such as usernames, passwords, and credit card information. These fraudsters impersonate legitimate companies or people, sending emails and links that attempt to direct you to false websites, or infect your computer with malware. LinkedIn will never ask you for your password or ask you to download any programs.
Important: LinkedIn has several email domains, which are determined by our email service provider (ESP). We can assure you that emails from firstname.lastname@example.org and email@example.com are not phishing emails.
Possible warning signs of a phishing message:
Messages containing bad spelling, grammar, and that aren't addressed to you personally.
Messages asking you to act immediately.
Messages asking you to open an attachment to install a software update.
To report phishing emails you've received, please forward the suspicious email to firstname.lastname@example.org
As a precaution, MailGuard urges you not to click links within emails that:
Are not addressed to you by name.
Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
Are from businesses that you were not expecting to hear from, and
Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
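The last two items in that list, an unexpected sender and a landing page that is not the company's legitimate URL, are the checks that can be automated at the mail gateway or by a security team triaging reports. The script below is an added example written for this article; it is not MailGuard's or LinkedIn's code. It parses a constructed notification email, reads the sender's domain and every link in the HTML body, and flags links whose hostname is not linkedin.com or a subdomain of it. The allowlist of brand domains is an assumption to be maintained per organisation, and the sample messages (sender addresses, URLs) are constructed using reserved example domains.

```python
"""Flag brand-notification emails whose links lead away from the brand.

Added example, not MailGuard's or LinkedIn's code. It assumes the brand's
legitimate web domain is linkedin.com (BRAND_DOMAINS is an assumption to be
maintained per organisation). Both sample messages below are constructed.
"""
from email import policy
from email.parser import Parser
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains the brand legitimately links to. Add subdomains as needed.
BRAND_DOMAINS = {"linkedin.com"}


def hostname_matches(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one.

    Uses a suffix match with a leading dot so that a look-alike such as
    linkedin.com.evil.example does not pass as linkedin.com.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag in the HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self._current = [href, ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def analyse(raw_message, brand_domains=BRAND_DOMAINS):
    """Return sender and link findings for one RFC 5322 message string."""
    msg = Parser(policy=policy.default).parsestr(raw_message)

    # Sender domain. This is a weak signal on its own: the article notes that
    # LinkedIn sends from several ESP domains, so it is reported, not decisive.
    sender_domain = ""
    if msg["from"] and msg["from"].addresses:
        sender_domain = msg["from"].addresses[0].domain.lower()
    sender_on_brand = hostname_matches(sender_domain, brand_domains)

    # Links in the HTML body. A call-to-action that leaves the brand's
    # domain is the red flag the article describes (fake login page).
    off_brand_links = []
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            parsed = urlparse(href)
            if parsed.scheme not in ("http", "https") or not parsed.hostname:
                continue  # mailto:, relative links and the like are ignored here
            if not hostname_matches(parsed.hostname, brand_domains):
                off_brand_links.append((href, text))

    return {
        "sender_domain": sender_domain,
        "sender_on_brand": sender_on_brand,
        "off_brand_links": off_brand_links,
        "verdict": "suspicious" if off_brand_links else "ok",
    }


# Constructed sample: a notification whose "View message" button leaves the brand.
SAMPLE_PHISH = """\
From: LinkedIn Messages <notifications@alumni.example.org>
To: recipient@example.com
Subject: You have a new message
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>You have 1 new message.</p>
<p><a href="https://linkedin-login.example.net/sign-in">View message</a></p>
<p><a href="https://www.linkedin.com/help/">Help Center</a></p>
</body></html>
"""

# Constructed sample: every link stays on the brand's own domain.
SAMPLE_LEGIT = SAMPLE_PHISH.replace(
    "notifications@alumni.example.org", "notifications@linkedin.com"
).replace("https://linkedin-login.example.net/sign-in", "https://www.linkedin.com/messaging/")


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, analyse(sample))
```

The verdict is driven by the link check because that is the signal the article treats as decisive: a notification that points to a login page off the company's domain is a phishing page regardless of how good the branding is. The sender check is returned separately so that an analyst can weigh it, since a brand that sends through an email service provider will legitimately use domains other than its own.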