Beware LinkedIn Users, Scammers Are Sending Emails to Steal Your Photo ID!

 

 

Social media scams are very common nowadays. Scammers target victims with various social engineering attacks. Security researchers have identified a new scam in which scammers send users a fake email that manipulates them into uploading their photo ID proof. Scammers could use these photo IDs to gain access to the victims' other social media accounts and financial accounts.

 

Why Hackers Hack Normal User’s Social Media Accounts?

Hackers use different tactics to hack users' social media accounts, and they can use the hacked accounts for their own benefit. They could spread malicious links through these accounts, earn more clickbait profits, and force the hacked accounts to follow malicious websites. These are just some examples; they can also hijack the financial accounts of users who use the same username and password for all their online accounts.

 


 

LinkedIn Phishing Email Scam

Scammers are sending LinkedIn users an email that asks them to upload a scanned copy of a government-issued photo ID. The email claims to come from the LinkedIn team and manipulates users by saying that their account needs verification. According to the email, users can upload a copy of their driving license and passport through a link provided in the email to verify the account. The following is a screenshot of this fake email:

 

 

Is it really a Scam Email?

Obviously, it is a scam email. The following red flags prove it:

Sender Email ID

Companies like LinkedIn send emails to their users from their own domain. According to security researchers at Heimdal Security, scammers are sending this email from “postmaster@fnotify[dot]com”. This address does not belong to LinkedIn, because a LinkedIn address would have linkedin.com as its domain. www.fnotify.com is simply a WordPress-based website. The domain name belongs to a Finnish citizen, and scammers hacked the website to send these phishing emails to LinkedIn users.

 

Account Verification

A company requires account verification if a user is on its platform with fake personal details. There could be other reasons for an account verification, but a legitimate company will always tell its users the reason for it. In this email, the scammers only say that there is a need to verify your account. Account verification for what?

 

Payment Method 

In this email, the scammers mention payment method details. There are two types of users on LinkedIn: free users and premium users. Why would LinkedIn ask its free users to send payment method details? If LinkedIn needed to inform you about any payment activity, it would not do so through this type of illegitimate email.

 

Dropbox Link for File Uploading

The email contains a link that redirects users to Dropbox to upload their photo ID proofs. Legitimate companies never collect information from their users this way. They set up a dedicated webpage under their own domain name to collect information. Why would they send their users an open link to a third-party service for uploading documents?

 

 

Link Expiry

At the end of the email, a sentence states that the link will expire in 24 hours. Why would a legitimate company set a time limit on a link that collects information from millions of its users? If a LinkedIn user is not using his/her account for some reason, how can a company force him/her to upload photo proofs within 24 hours?
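The red flags above can be expressed as mail-triage checks. The following is an added example, not part of the original article or of Heimdal Security's report; the sample message is constructed from the article's description, and the function names, flag labels and Dropbox path are assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the article's description; the Dropbox path
# and the wording are placeholders, not the text of the real email.
SAMPLE = """\
From: LinkedIn Support <postmaster@fnotify.com>
Subject: Account verification required

Your account needs a verification. Please confirm your payment method and
upload a scan of your driving license and passport here:
https://www.dropbox.com/request/EXAMPLE-PLACEHOLDER
This link will expire in 24 hours.
"""


def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def red_flags(raw, brand_domain="linkedin.com"):
    """Return the article's red flags found in a single-part text email."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumes plain text, not multipart
    flags = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not under(sender.rpartition("@")[2], brand_domain):
        flags.append("sender_domain")
    urls = re.findall(r"https?://[^\s<>\"']+", body)
    if any(not under(urlparse(u).hostname, brand_domain) for u in urls):
        flags.append("third_party_link")
    if re.search(r"driving licen[sc]e|passport|photo id", body, re.I):
        flags.append("id_document_request")
    if re.search(r"payment method", body, re.I):
        flags.append("payment_details")
    if re.search(r"expire\w*\s+in\s+\d+\s+hours?", body, re.I):
        flags.append("link_expiry")
    return flags


if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

A From header can be forged, so a sender domain that matches the brand does not prove a message is genuine; these checks only raise flags for review.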

 

All these red flags clearly show that these emails are fake and that scammers are collecting the personal information of LinkedIn users. Therefore, if you receive any email asking you to upload photo ID proof, never do it. Social media is a great place to explore new ideas and to share and collect knowledge, but never forget that it can also be harmful if you do not keep yourself updated on cyber threats.

Source: Heimdal Security

 
