InvestorsHub Logo
Boards
News
Market Data
Markets
Discover
Discover
AI Subscribe Login/Register account icon
S&P 500
5,745.37
(
0.40%
)
US TECH 100
19,584.00
(
0.78%
)
Dow Jones
42,175.11
(
0.62%
)
Brent Oil
70.95
(
-3.06%
)
Bitcoin
64,945.82
(
2.87%
)
Post# of 249593
Next 10
Reply Private New
Public Reply Private Reply New Post
Keep Last Read
Keep Next 10 Report Keyboard Shortcuts
Next 10 Prev Next

Genz2

Send PM Follow Ignore
Followers 5
Posts 3020
Boards Moderated 0
Alias Born 09/06/2006

Genz2

Re: None

Thursday, 05/21/2020 8:50:57 PM

Thursday, May 21, 2020 8:50:57 PM

Post# of 249593
Beware of phishing emails urging for a LogMeIn security update

https://www.helpnetsecurity.com/2020/05/21/logmein-security-update-phishing/

LogMeIn users are being targeted with fake security update requests, which lead to a spoofed phishing page.

“Should recipients fall victim to this attack, their login credentials to their LogMeIn account would be compromised. Additionally, since LogMeIn has SSO with Lastpass as LogMeIn is the parent company, it is possible the attacker may be attempting to obtain access to this user’s password manager,” Abnormal Security noted.

The fake LogMeIn security update request

The phishing email has been made to look like it’s coming from LogMeIn. Not only does the company logo feature prominently in the email body, but the sender’s identity has been spoofed and the phishing link looks, at first glance, like it might be legitimate:

“The link attack vector was hidden using an anchor text impersonation to make it appear to actually be directing to the LogMeIn domain,” Abnormal Security explained.

“Other collaboration platforms have been under scrutiny for their security as many have become dependent on them to continue their work given the current pandemic. Because of this, frequent updates have become common as many platforms are attempting to remedy the situation. A recipient may be more inclined to update because they have a strong desire to secure their communications.”

Advice for users

This LogMeIn-themed phishing campaign is a small one, but users should know that the company has seen an “incredible uptick” in collaboration software impersonations in the past month.

Be careful when perusing unsolicited email, even if it looks like it’s coming from a legitimate source. If you have to enter login credentials into a web page, make sure you landed on that page by entering the correct URL yourself or by opening a bookmark – and not by following a link in an email.

In this particular case, you can be sure that if LogMeIn asks you to update something, the request/reminder will be shown once you access your account, so you’re not losing anything by ignoring the email and the link in it.
==================================================================
Wave has simple to use and very effective MFA (multi-factor authentication) as part of Wave VSC 2.0!! Would the phishing work on those using Wave VSC 2.0? NO!! The hacker would have to have the TPM in the user's computer in addition to the PIN. The links below explain the virtual smart card, and there is contact information at the last link!!
================================================================== https://www.wavesys.com/

https://www.wavesys.com/products/wave-virtual-smart-card

https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management

https://www.wavesys.com/contact-information


















Public Reply Private Reply New Post
Keep Last Read
Keep Last Read Next 10 Report Keyboard Shortcuts
Next 10 Prev Next
Join InvestorsHub

Join the InvestorsHub Community

Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.

Sign Up