Researchers at Heimdal Security have uncovered a new LinkedIn social engineering scam that attempts to get LinkedIn account holders to reveal their personal information.
The attackers are trying to gain access to users’ financial data as well as identity documents such as passport and driver’s license numbers that can be used to commit identity theft.
The attackers are using a common social engineering technique designed to scare potential victims into responding. The emails claim that there is a security issue with users’ accounts that must be rectified promptly. Common to other scams of this nature, a sense of urgency is injected by telling users that they must respond within 24 hours to ensure their account is not blocked.
While many scams are sophisticated, this LinkedIn social engineering scam is relatively easy to identify. There are a number of tell-tale signs that the emails are not genuine.
The first giveaway is that the email is not sent from the LinkedIn domain, although it does contain LinkedIn logos that have been lifted from genuine LinkedIn emails. Instead of LinkedIn.com, the emails are sent from the postmaster account at pnotify.com. The domain is believed to have been compromised by the attackers. Unfortunately, many individuals still do not check the sender's email address before responding when the email body carries official branding.
There is another giveaway. According to Heimdal Security, “The phishing email only includes the name of the targeted LinkedIn user in the footer, but not the recipient’s current position, as secure emails from LinkedIn do.”
However, the biggest warning sign that the email is not genuine is that users are required, as part of the procedure to correct the security issue, to upload personal documents. Users are asked to submit a driver's license or passport scan as part of the procedure to secure their accounts. Those documents are not uploaded to LinkedIn; users must upload them to a Dropbox account.
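As an added illustration (not code from Heimdal Security or the original article), the following Python triage function automates the three checks the article describes: a brand named in the mail whose From: domain is not the brand's own, a deadline coupled with an account-block threat, and a request to send identity documents to a file-sharing host. The legitimate-domain list and the sample message are assumptions constructed for the example.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Assumption: the only legitimate sender domain for the LinkedIn brand.
BRAND_DOMAINS = {"linkedin": ("linkedin.com",)}
# The lure described in the article asked victims to upload ID scans to Dropbox.
FILE_SHARE_HOSTS = ("dropbox.com",)
ID_DOCS = re.compile(r"\b(passport|driver'?s licen[cs]e|identity document)s?\b")
DEADLINE = re.compile(r"\bwithin\s+\d+\s+hours?\b")
BLOCK_THREAT = re.compile(r"\b(blocked|suspended|restricted|closed)\b")

def sender_domain(msg):
    """Domain part of the From: address, lower-cased ('' if missing)."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()

def score_message(raw):
    """Return a list of human-readable findings; an empty list means nothing matched."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    blob = " ".join(str(msg.get(h, "")) for h in ("Subject", "From")) + " " + text
    blob = blob.lower()
    findings = []
    dom = sender_domain(msg)
    for brand, legit in BRAND_DOMAINS.items():
        # Brand mentioned, but the sender domain is neither the brand domain nor a subdomain of it.
        if brand in blob and dom and not any(dom == d or dom.endswith("." + d) for d in legit):
            findings.append(f"{brand} branding but sender domain is {dom}")
    if DEADLINE.search(blob) and BLOCK_THREAT.search(blob):
        findings.append("deadline plus account-block threat (urgency lure)")
    if ID_DOCS.search(blob) and any(h in blob for h in FILE_SHARE_HOSTS):
        findings.append("identity documents requested via a file-sharing host")
    return findings

# Constructed sample modelled on the lure described above (not a real message).
SAMPLE_LURE = """\
From: postmaster@pnotify.com
To: user@example.com
Subject: LinkedIn security notice
Content-Type: text/plain

A security issue was found on your LinkedIn account.
Respond within 24 hours or your account will be blocked.
Upload a scan of your passport or driver's license to dropbox.com.
"""

if __name__ == "__main__":
    for finding in score_message(SAMPLE_LURE):
        print("FLAG:", finding)
```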
Any security-aware individual should be able to identify the emails as just another LinkedIn social engineering scam. Unfortunately, many individuals lack basic security awareness. This scam targets individuals, although many cybercriminals target companies in order to steal corporate user credentials.
The task for IT administrators is to ensure all employees are provided with security training, are told how to identify phishing scams, and instructed never to divulge personal or company information.