LinkedIn Phishing Email Scam Alert!

This is security advisory for our readers who have LinkedIn accounts. We have been made aware of a phishing email scam that is targeting LinkedIn users. Scroll down to read more about this.

Users of the popular business-oriented social networking service LinkedIn are apparently receiving emails that seem to be from LinkedIn support. In these emails, the recipient is informed about “irregular activities” in their account, because of which a compulsory security update is required. To do so, the user is advised to download an HTML file (attached in the email).

The Real Story!
These emails are fake and are part of a pretty old phishing email scam. If you click the html file, it will redirect you to a fake website that looks like the actual LinkedIn login page. Any login information you give on this page will be transmitted directly to the attacker, who will then hijack your account.

Below is a sample of the phishing email that seems to have been sent by LinkedIn support:

Tips to Avoid Phishing Email Scams
To ensure that you don’t fall into such phishing traps, here are some simple measures you can take:

1. Activate the two-step verification security feature, in this case, your LinkedIn account. This will ensure that no unauthorized user has access to your account.
2. If you have clicked a link or html form in such emails, run an antivirus scan on your computer.
3. Be suspicious of emails that carry a bad tone, has grammatical and spelling errors. Most phishing emails usually have these characteristics.
4. Never click links in emails for logging into any online account.
5. Before clicking any link in an email, hover your mouse over it. This will display the actual URL (bottom-left corner of the screen) of the site that the link is directing to.
6. Remember that a genuine organization would never ask you to install a software update via an email.
7. Always treat unexpected emails as suspicious. For instance, if you haven’t asked for a password reset, then you should never trust an email that claims that you have done so. Trash such emails.
8. If you do receive an email from LinkedIn or any organization about an urgent subject like a security update or a change in password, visit the official website and verify the information first.

LinkedIn’s has an official page that has listed out helpful tips on how to identify a fraudulent or phishing email. You can read about them here.

References:
https://help.linkedin.com
https://blog.knowbe4.com