
Email phishing scam impersonates LogMeIn to trick remote workers

Add LogMeIn to the list of remote services and collaboration platforms whose users are being targeted by phishing scammers seeking to take advantage of businesses' current work-from-home policies under COVID-19.

In a company blog post, Abnormal Security researchers reported witnessing an influx of campaigns targeting LogMeIn -- provider of cloud-based remote connectivity services for collaboration, IT management and customer engagement -- after seeing no similar activity before May.

And because LogMeIn provides single sign-on capabilities with LastPass, victims who fall for this ruse may find that their access to the password manager is endangered as well.

The phishing emails appear to come from LogMeIn, alerting the recipient to a patch for a zero-day vulnerability affecting the company's products. This bug, of course, does not really exist. Recipients are asked to click on a link that looks like a LogMeIn URL, but actually leads to a convincing-looking phishing page.

"Other collaboration platforms have been under scrutiny for their security as many have become dependent on them to continue their work given the current pandemic," Abnormal Security explains. "Because of this, frequent updates have become common as many platforms are attempting to remedy the situation. A recipient may be more inclined to update because they have a strong desire to secure their communications."

"We’ve seen an incredible uptick in collaboration software impersonations in the past month," the report continues. "Most of these platforms are associated with other logins (like G Suite or Office 365 logins) and can be leveraged by attackers to gain access to or assault other accounts."

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
