Phishing Alert: Fake Emails Mimic LogMeIn Activation Emails

In light of recent news around the Yahoo breach, we are getting reports from both the general public and LogMeIn customers about two suspicious emails that are designed to look like they are coming from LogMeIn — they have all the hallmarks of phishing attempts.

All of the reported emails are meant to look like a LogMeIn activation email. The email subject line is “Activate your account” or “Verify your new LogMeIn ID.”

We want to make it clear that these did NOT come from LogMeIn and people should NOT click on the links in these emails.

While we work with our partners to remove these malicious websites, we want to make sure our users and the public are aware of these emails. As part of our commitment to security, we are sharing what we’ve learned, along with an easy way for people to identify the tell-tale signs of phishing attacks.

First email subject line: Activate your account or Verify your new LogMeIn ID
Intended behavior/action: Tries to get you to open the embedded link which then downloads a malicious file.
Email body text is:
LogMeIn – Please activate your account

What happened? As you may have seen in the news, lists of hundreds of millions of user credentials taken from past breaches (mostly at social networks) are now being used for a variety of recent nefarious activity on high profile sites like Netflix and Facebook. LogMeIn actively looks for situations where the accounts of our users could be at risk—even if the threat is external to our service. In this particular case, we identified users who may be at risk.  

What to do? Your account user@yourdomain.com is not activated and therefore you can’t connect to your computers any more. Use the link bellow to activate your account.
* we will connect you to a virtual computer
* use any of your access codes or computer password to activate your account If we identify an unusual activity your account will be suspended until future notice.    

http://username.s.logmein.center/ctt/?account=akleuhsdsdeiweweihoweojiweiehuewehewhufewhiwefwe=

Copyright © 2003-2016 LogMeIn, Inc. All rights reserved.

 

Second email subject line: Verify your new LogMeIn ID
Intended behavior/action: Tries to get you to open the embedded link which then downloads a malicious file.
Email body text is:
Here’s how to update your LogMeIn ID.

We recently disabled your email address associated with your LogMeIn ID.

LogMeIn ID: &email&

To verify your address, click on this link (or copy and paste into your browser):

http://user.s.logmein.center/ctt/?account=sjndeiu3wiu3wniWEHewewjiOOWEFk== 

No changes will be made to your account. Remember, your LogMeIn ID gives you access to multiple great products by LogMeIn. 

For your security, the link above expires in 24 hours.

 

As with all suspicious emails, please read carefully and review the website links in these messages. We’ll update this post if we learn more, but please be sure to delete these messages if you receive them.
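One way to automate the link review recommended above, as an added example that is not LogMeIn's own tooling. It assumes genuine links live under logmein.com; the function names and the non-post sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains that genuine mail from the brand links to.
TRUSTED_DOMAINS = {"logmein.com"}
BRAND = "logmein"

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def host_of(url):
    """Return the lower-cased hostname without port or trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def is_trusted(host):
    """True only if host IS a trusted domain or a subdomain of one.
    Matching on the dot-separated suffix avoids the substring mistake
    that would accept 'logmein.com.example.net'."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify(url):
    host = host_of(url)
    if is_trusted(host):
        return "trusted"
    # Brand name inside a hostname that is not ours: the pattern in this alert.
    # Hyphens are ignored so 'log-me-in' style spellings are also caught.
    if BRAND in host.replace("-", ""):
        return "lookalike"
    return "unknown"


def review_links(body):
    """Map every URL found in an email body to its classification."""
    return {url: classify(url) for url in URL_RE.findall(body)}


# First two links are the ones quoted in this post; the rest are constructed.
SAMPLE = """
http://username.s.logmein.center/ctt/?account=akleuhsdsdeiweweihoweojiweiehuewehewhufewhiwefwe=
http://user.s.logmein.center/ctt/?account=sjndeiu3wiu3wniWEHewewjiOOWEFk==
https://secure.logmein.com/login
https://logmein.com.example.net/activate
"""

if __name__ == "__main__":
    for url, verdict in review_links(SAMPLE).items():
        print(f"{verdict:10} {url}")
```

Both links from the fake emails are reported as `lookalike` because the brand name sits in front of a different registered domain (`logmein.center`).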

We also recommend taking a look at our primer on how to protect yourself against phishing attacks and ensure you’re following secure password practices.

 
