Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Phishing emails already appear to be exploiting the recent mammoth password breach affecting LinkedIn.
Users have reported receiving phishing emails ostensibly from LinkedIn that request and purport to link to password reset facilities.
Victims clicking the links were instead sent to a fake online pharmacy store.
Millions of LinkedIn user passwords were stolen and posted online and were now being cracked.
More than 70 per cent of the estimated 5.8 million exposed passwords were reported to be cracked at the time of writing, including more than a million eHarmony passwords contained in the same data cache.
Password resets have been made for affected LinkedIn and eHarmony accounts, making any phishing emails laced with would-be security messages more likely to be opened.
However it could not be yet determined if the phishing email had predated the password breach.
“Because similar emails have been circulating for some time it is hard to say if this is an example of a coordinated scam designed to leverage the security breach made public today, or simply a coincidence,” ESET security researcher Cameron Camp said.
“Sadly, we are likely to see more of these emails as LinkedIn tries to rebuild trust among members.”
Camp said if the offenders could tie usernames to passwords – which they likely could given the theft of the passwords – they would have a level of “business intelligence about an individual [that] bad actors alike drool over”.
ESET was investigating the phishing emails. Camp said users should not verify their information through hyperlinks at “LinkedIn or on any other membership site”.
Copyright © SC Magazine, Australia
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.