Add LogMeIn to the list of remote services and collaboration platforms whose users are being targeted by phishing scammers seeking to take advantage of businesses’ current work-from-home policies under COVID-19.
In a company blog post, Abnormal Security researchers reported witnessing an influx of campaigns targeting LogMeIn — provider of cloud-based remote connectivity services for collaboration, IT management and customer engagement — after seeing no such activity before May.
And because LogMeIn provides single sign-on capabilities with LastPass, victims who fall for this ruse may find that their access to the password manager is endangered as well.
The phishing emails appear to come from LogMeIn, alerting the recipient to a patch for a zero-day vulnerability affecting the company’s products. This bug, of course, does not really exist. Recipients are asked to click on a link that looks like a LogMeIn URL but actually leads to a convincing-looking phishing page.
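The two tells in the lure described above are a sender that claims the LogMeIn brand while the From address lives on another domain, and a link whose visible text looks like a LogMeIn URL while its href points somewhere else. The following is an added example of a mail-gateway check for both tells; it is not code from the article, from Abnormal Security or from LogMeIn. The legitimate-domain list, the brand tokens and the sample message (including the `logmein-updates.example` domain) are assumptions constructed for the example, and the registrable-domain helper is a deliberate simplification that does not consult a public-suffix list.

```python
"""Flag the two tells of a brand-impersonation phishing email: a sender whose
display name claims the brand while the From address lives elsewhere, and a
link whose visible text looks like the brand's URL but whose href does not."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for this example: the brands we expect and their real domains.
LEGIT_DOMAINS = {"logmein.com", "lastpass.com"}
BRAND_TOKENS = {"logmein", "lastpass"}


def registrable(host):
    """Crude registrable domain: the last two labels (no public-suffix list)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


HOST_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})")


def host_in_text(text):
    """Return a hostname written out in the visible link text, if any."""
    m = HOST_IN_TEXT.search(text.lower())
    return m.group(1) if m else None


def analyze(raw_email):
    """Return a list of (kind, detail) findings for one RFC 822 message."""
    msg = message_from_string(raw_email)
    findings = []

    # Tell 1: display name claims the brand, From domain is not the brand's.
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    claims_brand = any(tok in display.lower() for tok in BRAND_TOKENS)
    if claims_brand and registrable(from_domain) not in LEGIT_DOMAINS:
        findings.append(("sender-domain",
                         f"display name {display!r} but From domain {from_domain}"))

    # Tell 2: link text shows one host, href goes to another / a lookalike.
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        body = (part.get_payload(decode=True) or b"").decode(
            part.get_content_charset() or "utf-8", "replace")
        collector = LinkCollector()
        collector.feed(body)
        for href, text in collector.links:
            href_host = (urlparse(href).hostname or "").lower()
            shown = host_in_text(text)
            if shown and registrable(shown) != registrable(href_host):
                findings.append(("link-mismatch",
                                 f"text shows {shown} but href goes to {href_host}"))
            if (any(tok in href_host for tok in BRAND_TOKENS)
                    and registrable(href_host) not in LEGIT_DOMAINS):
                findings.append(("lookalike-domain", href_host))
    return findings


# Constructed sample message; the sender domain and link target are invented.
SAMPLE_EMAIL = """\
From: LogMeIn Security <security@logmein-updates.example>
To: user@example.com
Subject: Critical security update
Content-Type: text/html; charset=utf-8

<html><body>
<p>A patch for a critical vulnerability is available. Apply it now:</p>
<p><a href="https://secure.logmein-updates.example/patch">https://secure.logmein.com/update</a></p>
<p><a href="https://www.logmein.com/legal">Terms</a></p>
</body></html>
"""

if __name__ == "__main__":
    for kind, detail in analyze(SAMPLE_EMAIL):
        print(f"{kind}: {detail}")
```

The check is deliberately narrow: it only fires when the visible text of a link spells out a hostname, so a lure whose anchor text is plain words ("Apply the patch") passes the link check and is caught, if at all, by the sender or lookalike-domain checks. A production gateway would replace `registrable` with a public-suffix-aware parser and would also compare the From domain against the authenticated SPF/DKIM domain.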
“Other collaboration platforms have been under scrutiny for their security as many have become dependent on them to continue their work given the current pandemic,” Abnormal Security explains. “Because of this, frequent updates have become common as many platforms are attempting to remedy the situation. A recipient may be more inclined to update because they have a strong desire to secure their communications.”
“We’ve seen an incredible uptick in collaboration software impersonations in the past month,” the report continues. “Most of these platforms are associated with other logins (like G Suite or Office 365 logins) and can be leveraged by attackers to gain access to or assault other accounts.”
In this attack, the attacker is impersonating the collaboration software provider, LogMeIn, in order to obtain the recipient’s credentials. In May, we began to observe new email attack campaigns impersonating LogMeIn after previously seeing none. The growth in impersonations of this and many...