Warning: LinkedIn Email Confirmation Message is a Phish

By Neil Vidyarthi 

LinkedInAfter yesterday’s LinkedIn password hack, some industrious hackers are now attempting to deceive vulnerable LinkedIn users by sending them fake emails claiming to be able to help them. The emails were found by readers of the ESET security blog and reveal an insidious attempt to once again get users’ passwords as they worry about the current LinkedIn hack. We take a closer look below.

The email to look out for is titled “Please confirm your email address” and is sent by “LinkedIn Email Confirmation.” It looks very much like a legitimate email from LinkedIn, but if you look carefully at the address from which the email is sent you’ll see it’s not a “linkedin.com” address. That’s key. I’m sure some services like Gmail are going to try and spot this and detect it as spam. You can take a look at a copy of the email here at the eset blog.

At this point, the best course of action is to change your LinkedIn password if you didn’t yesterday, and keep on the lookout for anything related to LinkedIn. The LI profile is an important profile for people, and mine for instance is tied to many of my professional colleagues – I don’t need it being plagued by spam or false posts. We’ll keep an eye on the situation as it develops further.