LinkedIn users warned of new phishing scam

Fake emails discovered designed to harvest logins and passwords

LinkedIn users have been warned about a new phishing scam designed to persuade them to hand over their login details.

An email purporting to be from the business social network tells the user that their account has been blocked due to inactivity. Recipents are told to click on a link and then re-enter their username and password to restart their account, the catch being, of course, that the page that they are redirected to is a spoof LinkedIn page rather than the real thing.

Armed with their login details, the criminals would be able to access the user's account and potentially use it as a springboard for highly targetted phishing attacks, sending a personal message to a contact for example. Such targetted emails from a trusted source can achieve very high open and clickthrough rates.

Attention was drawn to the latest LinkedIn scam yesterday by Action Fraud, the UK's national reporting centre for fraud and internet crime which is run by the City of London Police. Action Fraud urges recipients of suspect emails not to click on any links and to forward the email to them.

Social media sites are a favourite target of scammers, criminals and spies. In November last year a targeted phishing attack was revealed that lured LinkedIn users to a fake dating agency, while the UK's GCHQ intelligence agency spoofed the social media site to compromise Belgium's national telecoms operator Belgacom.