And since LogMeIn uses a single sign-on with LastPass, the attackers may be trying to gain access to the user’s password manager, potentially opening the door to all of the person’s stored passwords. Of course, any credentials entered at the phony login page are captured by the criminals behind this attack. The page also contains branding for password manager LastPass, which is the parent company for LogMeIn. Clicking on the link brings the recipient to a fake login page that appears similar to the actual LogMeIn page. A stern warning asserts that if the update is not applied, then the user’s account will have to be suspended for security reasons. To apply this alleged security update, the user is told to click on a link in the email. As such, this campaign is also taking advantage of the security concerns raised about these remote access platforms. In this particular attack, the phishing email claims to be from LogMeIn with a notice informing the recipient of a fix to a zero day vulnerability found in LogMeIn Central and LogMeIn Pro. Spotting this new phishing attack for first time in May, Abnormal Security noted that the recent impersonations of LogMeIn and other remote collaboration tools such as Zoom are likely due to the shift in remote work. SEE: Fighting social media phishing attacks: 10 tips (free PDF) (TechRepublic) In a blog post published Tuesday, security provider Abnormal Security explains how this campaign works. As more people work from home due to the coronavirus, a new phishing campaign is impersonating the remote access tool LogMeIn to obtain the account credentials of unsuspecting victims. Such campaigns often strive to reference items in the news to catch the attention of those concerned about current events. Phishing campaigns try to trick people by spoofing well-known companies, brands, and products. New Malware Targets 97 Browser Variants, 76 Crypto Wallets & 19 Password Managers How Generative AI is a Game Changer for Cloud Security 8 Best Penetration Testing Tools and Software for 2023Ħ Best Cybersecurity Certifications of 2023
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |