June 7, 2012 at 5:17 PM ET
Around the same time LinkedIn confirmed reports that user passwords had been compromised, and urged users to update their passwords, the email phishing attacks began.
On Wednesday, security firms reported that approximately 6.5 million LinkedIn passwords were posted to a Russian hacker website, along with at least 1.5 million passwords belonging to eHarmony members. On Thursday, Internet radio website Last.fm reported that passwords for its site had been compromised as well. All three sites urged users to update their passwords immediately, which unfortunately creates a prime atmosphere of panic for the right phishing scam.
Emails claiming to come directly from LinkedIn asked recipients to click or cut-and-paste an enclosed URL into their Internet browser to confirm their email address. Several digital security firms have identified these emails as scams.
"We are investigating the exact details but in the meantime please DO NOT CLICK on links in email to change or verify account information, at LinkedIn.com or on any other membership site," warned Cameron Camp, security researcher at ESET. "Instead, navigate to the site directly by typing in the address bar in your browser."
In the emails reviewed by ESET, the link that reads "Click here to confirm your email address" leads to an illegal online pharmacy.
Scammers often take advantage of headline-grabbing news to trick people into clicking a link both via emails and social networks such as Facebook and Twitter. Such scams can trick victims into visiting websites, providing access to online accounts or downloading viruses to their computers.
When exactly the LinkedIn email phishing scam started is not clear. "Because similar emails have been circulating for some time it is hard to say if this is an example of a coordinated scam designed to leverage the security breach made public today, or simply a coincidence (like getting a phishing email asking you to reset your Bank of America online banking password two days after you opened an account there)," Camp wrote on the ESET blog.
As with the phishing emails claiming to be from LinkedIn, be on the lookout for similar emails demanding confirmations and changes on your eHarmony and Last.fm accounts.