Cyber criminals are now targeting LinkedIn users with emails that claim to come from the support team of the world's largest professional networking firm and trick recipients into sharing their credentials, security software firm Symantec warned today.
The email goes on to say that in order to secure their account, the recipient needs to download the attached form (an HTML attachment) and follow the instructions. The attachment is a copy of the real LinkedIn.com website.
"However, the website's source has been modified, so if the recipient uses this web page to sign in to their LinkedIn account, their credentials will be sent directly to the attacker," Symantec warned.
The email uses a lowercase 'i' to spell LinkedIn, instead of the capital 'I' used by the firm. The difference in characters is indiscernible to the eye and functions as a way to evade mail filters. Also, the HTML attachment method bypasses browser blacklists that often flag suspicious websites to help prevent users from being phished.
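A mail-gateway style check for the two traits described above, as an added example that is not from Symantec or the original article: it lists password forms in an HTML attachment that submit to a host outside the brand's domain, and words that imitate the brand name with look-alike characters. The function names, the folded character set and the sample page with its placeholder host are constructed for illustration; forms with a relative action carry no host and are skipped.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class PasswordFormFinder(HTMLParser):
    """Record the action URL of each <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self._action = None   # action of the form currently open, if any
        self.actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._action = attrs.get("action") or ""
        elif (tag == "input" and self._action is not None and self._action not in self.actions
              and (attrs.get("type") or "").lower() == "password"):
            self.actions.append(self._action)

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None

def off_brand_targets(html, trusted_domain):
    """Return password-form actions whose host is outside trusted_domain."""
    finder = PasswordFormFinder()
    finder.feed(html)
    hosts = [(a, (urlparse(a).hostname or "").lower()) for a in finder.actions]
    return [a for a, h in hosts
            if h and h != trusted_domain and not h.endswith("." + trusted_domain)]

def _skeleton(word):
    # Fold characters that look alike in many fonts (i, I, l, 1, |) together.
    return re.sub(r"[iIl1|]", "l", word).lower()

def lookalike_spellings(text, brand):
    """Return words that resemble brand but are not spelled exactly like it."""
    words = set(re.findall(r"[A-Za-z0-9|]+", text))
    return sorted(w for w in words if w != brand and _skeleton(w) == _skeleton(brand))

# Constructed sample: a saved login page whose form posts to a placeholder host.
SAMPLE_HTML = """<h1>Linkedln Support</h1>
<form action="https://collector.example.net/post.php" method="post">
<input type="text" name="email"><input type="password" name="pw"></form>
<form action="https://www.linkedin.com/search"><input name="q"></form>"""

if __name__ == "__main__":
    print(off_brand_targets(SAMPLE_HTML, "linkedin.com"))
    print(lookalike_spellings("Linkedln Support team", "LinkedIn"))
```

Run `lookalike_spellings` on the visible message text rather than raw HTML, since the all-lowercase brand name inside legitimate URLs would otherwise be reported.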