July 29, 2021
New LinkedIn Phishing Scam Abuses Google Forms to Steal Personal Information

LinkedIn Member Beware, There’s a Clever New Phishing Scam Trying to Steal Personal Credentials

LinkedIn members are again the target of a malicious phishing scheme, which seeks to steal personal details through Google Forms…

LinkedIn is once again prime opportunity for cyber-criminals who are running a new phishing scam to siphon off members’ personal credentials. But this time, it’s exploiting Google’s technology to beat security measures that would otherwise catch the bogus communications. It likewise uses a legitimate Nigerian university email account, making it all the more believable. 

New LinkedIn Phishing Scam Abuses Google Forms to Steal Personal Information

The phishing attack starts by sending an email from the legitimate educational institution. So, the message isn’t flagged or blocked by authentication checks and other protection mechanisms, such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication Reporting and Conformance).

Because the fraudulent email sails through the security measures, it goes right to potential victim recipients and contains a phishing LinkedIn login page that’s hosted on Google Forms. Recipients are told their LinkedIn account is locked and tricks potential victims into entering their login credentials, which of course are stolen. Once the cyber-criminals have the personal information, it can be used for a number of nefarious purposes, including identity theft.

William Boleys

Will is an experienced freelance writer who covers a wide range of topics, including apps, social media, and search.

View all posts by William Boleys →