Amid the COVID-19 pandemic, cybercriminals are jumping at new opportunities to target remote workers. Last month, we reported on their scams targeting the popular video conferencing program Zoom. Their latest ploy targets remote workers who use LogMeIn, a popular remote connectivity service. LogMeIn provides users with single sign-on to LastPass, so victims who fall for this scam may find their access to the password manager, and to every account whose credentials are stored in it, endangered as well.
Those targeted by the LogMeIn phishing attempt receive an email that appears to come from LogMeIn. The email alerts the recipient to a patch for a vulnerability supposedly affecting the company's products. No such vulnerability exists. Recipients are asked to click a link that appears to be a LogMeIn URL; clicking it instead takes them to a convincing phishing page designed to look like the LogMeIn website.
The timing of this attack is especially convenient for cybercriminals. Many collaboration platforms, including Zoom, LogMeIn, and several others, have been forced to release frequent performance and security updates to cope with the sudden uptick in users. As a result, remote workers have become accustomed to applying updates to improve the application's performance and keep their security intact, which makes an "urgent security update" lure all the more believable.
LogMeIn owns LastPass, so stolen LogMeIn credentials could potentially give the attacker access to every account for which the victim has stored credentials in LastPass.
LogMeIn Phishing: How To Recognize the Scam
The image below shows a sample of one of the phishing emails cybercriminals are sending to potential victims.
This email includes the official LogMeIn logo. Cybercriminals use this tactic to gain the trust of the potential victim, because on the surface the message looks like an official email from LogMeIn.
On closer inspection, the following parts of the email make it clear that the email was not, in fact, sent by LogMeIn:
The Sender’s Email Address
This phishing email may come from any email address. In this specific email, the sender is firstname.lastname@example.org. Note that the address does not include the LogMeIn domain. This is a key part of any email sent by a reputable company: emails that actually come from LogMeIn or LastPass carry the company's domain after the @ symbol in the sender address.
Poor Use of English
Throughout the email there are several instances of improper English. For example, “In order to improve the confidence of our customers on security of our services.” is not a complete sentence and lacks an article before the word “security”. In the next sentence, “LogMeIn team has released today a new security update”, the company name again lacks an article, and the placement of the word “today” does not match common English usage.
The Destination Link Doesn’t Match
At a glance, the link shown in the email appears to be a valid LogMeIn URL. However, the destination does not match the LogMeIn website; it leads to a clone of it. To check this without opening the malicious site, hover your mouse over the link in the email you received. For a legitimate email, the destination URL matches the URL shown; in this case, the destination URL does not lead to a site on the LogMeIn domain.
Use Of Fear Tactics
No legitimate company will threaten to suspend a subscription solely for not applying a single update. Cybercriminals use fear tactics to push potential victims to act fast, which in turn causes them to override their better judgment out of fear of a negative consequence.
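The three checks above (off-domain sender address, a visible link that disagrees with its real destination, and pressure language) can be applied mechanically to a message before anyone clicks. The script below is an added example and not code from Guardio or LogMeIn; it assumes that genuine mail would come only from the logmein.com or lastpass.com domains, uses a small constructed pressure-phrase list, and runs over two constructed sample messages (a phishing message in the shape the article describes, using the sentences it quotes and a .invalid destination host, and a benign counterpart). It uses only the Python standard library.

```python
"""Heuristic indicators for a LogMeIn-themed phishing email (added example, constructed samples)."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: genuine LogMeIn / LastPass mail uses only these registered domains.
LEGIT_DOMAINS = {"logmein.com", "lastpass.com"}

# Assumed pressure phrases; the article's example threatens subscription suspension.
URGENCY_PHRASES = ("will be suspended", "immediately", "within 24 hours", "act now")

# Constructed phishing sample: off-domain sender, link text that looks like LogMeIn while
# the href points elsewhere (.invalid is a reserved TLD), and a suspension threat.
SAMPLE_PHISH = """\
From: LogMeIn Security <firstname.lastname@example.org>
To: employee@example.net
Subject: Important: security update required
Content-Type: text/html; charset="utf-8"

<html><body>
<p>In order to improve the confidence of our customers on security of our services.</p>
<p>LogMeIn team has released today a new security update.</p>
<p>Apply it at <a href="http://logmein-update.example.invalid/patch">https://www.logmein.com/patch</a>
or your subscription will be suspended.</p>
</body></html>
"""

# Constructed benign counterpart: on-domain sender, link text and href agree, no threat.
SAMPLE_LEGIT = """\
From: LogMeIn <noreply@logmein.com>
To: employee@example.net
Subject: Release notes
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Release notes: <a href="https://www.logmein.com/notes">https://www.logmein.com/notes</a></p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """'www.logmein.com' -> 'logmein.com'. Simplification: no public-suffix list,
    so a host like 'x.example.co.uk' would be reduced to 'co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def sender_domain_is_legit(msg):
    """Indicator 1: the part after '@' in From must be a known company domain."""
    _, addr = parseaddr(msg.get("From", ""))
    return registered_domain(addr.rpartition("@")[2]) in LEGIT_DOMAINS


def mismatched_links(html):
    """Indicator 2: the 'hover over the link' check. Flags anchors whose real
    destination is off-domain or differs from the URL the reader sees."""
    parser = LinkCollector()
    parser.feed(html)
    bad = []
    for href, text in parser.links:
        real = registered_domain(urlparse(href).hostname or "")
        shown = registered_domain(urlparse(text).hostname or "") if re.match(r"https?://", text) else None
        if real not in LEGIT_DOMAINS or (shown is not None and shown != real):
            bad.append((text, real))
    return bad


def urgency_hits(html):
    """Indicator 3: pressure language in the tag-stripped body text."""
    text = re.sub(r"<[^>]+>", " ", html).lower()
    return [p for p in URGENCY_PHRASES if p in text]


def analyze(raw_message):
    """Run all three indicators over a raw RFC 822 message; returns the names of those that fired."""
    msg = message_from_string(raw_message, policy=policy.default)
    html = msg.get_content()
    fired = []
    if not sender_domain_is_legit(msg):
        fired.append("sender-domain")
    if mismatched_links(html):
        fired.append("link-mismatch")
    if urgency_hits(html):
        fired.append("urgency")
    return fired


if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, analyze(raw) or "no indicators fired")
```

Each indicator is a separate function so it can be reported on its own; the sender check alone would miss a lookalike domain registered by the attacker, which is why the link comparison and the urgency check are run alongside it rather than in place of it.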
It is crucial to stay educated about online scams. Learning to identify phishing and other internet scams is more important than ever as cybercrime continues to become more common. You can learn more about phishing scams in the Guardio Blog here: Phishing Explained: Everything you need to know to stay safe from phishing scams. In our blog, you'll also find information about other scams to be aware of, how to identify them, and how to protect yourself from becoming a victim.
Still, even the savviest individuals can fall victim to a well-executed phishing scam. Because of this, it is recommended that everyone use browser protection, which stops threats like these before they can cause harm. For example, when you receive a phishing email and click a malicious link, browser protection providers like Guardio block the offending website. This means that with Guardio, you won't find yourself in a position where you might inadvertently share your credentials with a cybercriminal.