LinkedIn members are again the target of a malicious phishing scheme, which seeks to steal personal details through Google Forms…
LinkedIn is once again prime opportunity for cyber-criminals who are running a new phishing scam to siphon off members’ personal credentials. But this time, it’s exploiting Google’s technology to beat security measures that would otherwise catch the bogus communications. It likewise uses a legitimate Nigerian university email account, making it all the more believable.
New LinkedIn Phishing Scam Abuses Google Forms to Steal Personal Information
The phishing attack starts by sending an email from the legitimate educational institution. So, the message isn’t flagged or blocked by authentication checks and other protection mechanisms, such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication Reporting and Conformance).
Because the fraudulent email sails through the security measures, it goes right to potential victim recipients and contains a phishing LinkedIn login page that’s hosted on Google Forms. Recipients are told their LinkedIn account is locked and tricks potential victims into entering their login credentials, which of course are stolen. Once the cyber-criminals have the personal information, it can be used for a number of nefarious purposes, including identity theft.