Microsoft caught up in LinkedIn phishing scam.
A phishing scam is doing the rounds on Microsoft’s professional platform, LinkedIn. Users of the site, which is not among the best known for tight security, have been receiving an email advising them of a change in their IP address and of the need to disable the auto-flag feature on their accounts.
Like other phishing links that claim to represent a legitimate and popular site, the link provided redirects to a different website with a convincing replica of LinkedIn’s login page, except that the color of the site is wrong and its copyright year is 2015. The site is, however, being flagged by Google Chrome as fake.
It has not yet been determined whether the true goal of the phishing scam is to get login credentials or to infect your system with internet malware, which determines whether the threat of the attack is mild or not.
The email is titled “Important User Alert” and comes from “linkedIn.firstname.lastname@example.org”. Most users will notice the illegitimacy of the email, as FSR is an Idaho-based Internet service provider.
The email begins with “dear valid user”. This is a tip-off that the message is not from LinkedIn, since the company knows your name and will address you by it in its official emails. The email is full of common English mistakes, with capitalization on the “Important Message” that begins the message.
“Our system indicates your account signed-in from different IP recently, do not panic, this happens mostly when your ISP provider changes the IP without your knowledge, but we advise you kindly follow up by Updating to the system to enable auto unflag.” The message goes on to stress the importance of maintaining security on users’ accounts.
Users are warned of the possibility of losing their LinkedIn privileges if they do not click on the link provided. At first, the link redirected to a LinkedIn URL on the website’s secure HTTPS servers. The page had nothing on it, leading users to suspect a possible intervention by Microsoft to close the page. The link now redirects to a login page outside the LinkedIn website.
Phishing attacks are common, with most coming as either threats or very good offers. Examples of these links are those commonly shared on social media platforms. The description promises a certain amount of data if you fill in the details and send an invitation to a certain number of people.
The sole purpose of these links is to capture your phone number and/or social media login details. The solution to these phishing attacks is simple. Don’t click on links from sources you consider suspect. Do not at any time log in to any of your social media accounts with the links provided. In case you log in to your social media account and notice either a blank page or a URL that is not that of the site, make a point of changing the password and any other similar passwords associated with that email.
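The tells described in this article (a sender whose domain is not LinkedIn's, the "dear valid user" greeting, and a link that leaves the LinkedIn site) can be checked mechanically. The following Python code is an added example, not part of the original article; the sample message is constructed, its link is a placeholder, and treating only linkedin.com as legitimate is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "linkedin"
BRAND_DOMAIN = "linkedin.com"  # assumption: the only domain treated as legitimate
GENERIC_GREETING = re.compile(
    r"^\s*dear\s+(valid\s+)?(user|member|customer)\b", re.I | re.M)
URL_RE = re.compile(r"https?://[^\s\"'<>,)]+", re.I)

def on_brand_domain(host):
    """True only for linkedin.com itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def phishing_indicators(raw):
    """Return the indicators from the article that a raw message trips."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # sample is single-part plain text
    hits = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    # Sender uses the brand name but is not on the brand's domain.
    if BRAND in (name + addr).lower() and not on_brand_domain(domain):
        hits.append("sender claims LinkedIn but domain is " + domain)
    # Greeting does not address the member by name.
    if GENERIC_GREETING.search(body):
        hits.append("generic greeting instead of the member's name")
    # Any link whose host is outside the brand's domain.
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname
        if not on_brand_domain(host):
            hits.append("link leaves linkedin.com: " + str(host))
    return hits

# Constructed sample modelled on the message described above;
# the link is a placeholder, not the real phishing URL.
SAMPLE = """\
From: linkedIn.firstname.lastname@example.org
Subject: Important User Alert

Dear valid user,
Our system indicates your account signed-in from different IP recently.
Update here: http://login.example.net/linkedin/
"""

if __name__ == "__main__":
    for hit in phishing_indicators(SAMPLE):
        print("-", hit)
```

A host such as `linkedin.com.example.net` is also reported, because the comparison is made on the end of the hostname rather than on a substring.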