Phishing Email Targets Logmein Users
LogMeIn, a SaaS company offering cloud-based remote-connectivity collaboration services, CSM, and IT services, has recently released a blog post warning its users of a recent attack by hackers piggybacking on the Covid-19 to gain access to people’s accounts. According to a blog post from LogMeIn, reports have indicated that the emails purportedly send by the company are sent out from a bad actor using the name LogMeIn Auto-Mailer with a subject line that reads [External]: A New Update Has Been Released while the body of the email prompts recipients to click a malicious link in the guise of applying a new security update.
The same blog post has asked users to note that information on the phishing email contains a misleading and inaccurate headline about LogMeIn and LastPass. They have also made it clear that the email has not originated from them and they will never ask their customers to apply a security update.
Hoaxslayer.com, who have also covered this phishing attempt, have gone on further to explain what happens in the event someone clicks into the malicious link. Users will then be taken into a fake log-in page that is used by criminals to harvest LogMeIn log-in credentials.
Users who have received said email are advised to make sure they immediately change all their LogMeIn log-in password as well as enabling two-factor auth to provide a second layer of security and defense against such attacks. As more and more people work remotely due to Covid-19, these kinds of scams are becoming more prevalent and users are advised to be especially vigilant.