
This phishing email almost fooled a security expert with a Ph.D.

Even the most security-minded among us aren't totally safe from malware that relies on social engineering to do its dirty work. Johannes Ullrich, an information technology security expert, recently posted the email that almost tricked him into installing dangerous software on his PC.

The email pretended to be from LogMeIn, a program that lets you remotely connect to PCs from all over the world. It's often used by travelers who need access to their home computer from out of town.

Note: Yes, LogMeIn is the same program that caused the Dairy Queen data breach.

The email claimed to fix an issue related to the "Heartbleed" vulnerability that left many users wide open last year. I've covered Heartbleed extensively and it would make sense that anyone using LogMeIn would be worried about a Heartbleed-related vulnerability leaving their data exposed.

If a hacker were able to breach a user's LogMeIn account, they could "screen share" with their victim whenever they wanted. This means the hacker could watch the user enter their banking info, send personal emails, and generally have a peephole into whatever their victim does.

Here's the email that almost fooled the security expert:

[Screenshot of the LogMeIn phishing email]

It says:

Dear client,

We are pleased to announce that LogMeIn has released a new security certificate.

It contains new features:

  • The certificate will be attached to the computer of the account holder, which will prevent any fraud activity
  • Any irregular activity on your account will be detected by our security department
  • This SSL security certificate patches the "Heartbleed" bug discovered earlier this year

Download the attached certificate. Update will be automatically installed by double click.

As always, your Logmein Support Team is happy to assist with any questions you may have.

Feel free to contact us by visiting https://secure.logmein.com/contactus


What almost managed to trick this expert? Let's go through the list.

  1. The "from" field looks like it's coming directly from the company who would normally distribute security updates.
  2. The email was sent "to an address that I had used with LogMeIn in the past," meaning the company would probably have his email address on file.
  3. The only link in the email took him to a legitimate LogMeIn URL.
  4. His antivirus program did not detect the attached .zip file as potentially malicious.

What did "set off alarm bells" for Ullrich was the fact that, once unzipped, the attachment turned out to be a "screensaver" file (.scr extension). A .scr file is an ordinary Windows executable under a different name, so double-clicking it runs whatever code it contains. Screensavers, macros and many other out-of-the-way file types are often used by hackers to infect your PC.
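The attachment check that Ullrich did by hand can be automated. The following script is an added example, not code from the article or from Ullrich; it builds a constructed message that resembles the lure (the sender address, recipient and filenames are invented, and the ".scr" member is a fake "MZ" stub, not a real program), then opens each attachment, unpacks zip archives one level deep, and flags members whose extension is one Windows executes directly or whose first bytes are the "MZ" header of a Windows executable, whatever the name says.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# File extensions Windows treats as directly executable or scriptable.
# A .scr "screensaver" is an ordinary PE executable with a different name.
EXECUTABLE_EXTENSIONS = {
    ".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".msi",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1",
}


def suspicious_reasons(filename):
    """Return the reasons a filename looks like a disguised executable."""
    reasons = []
    parts = filename.rsplit("/", 1)[-1].lower().split(".")
    if len(parts) < 2:
        return reasons
    ext = "." + parts[-1]
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension {ext}")
        if len(parts) >= 3:
            # e.g. certificate.pdf.scr: the inner extension is the lure
            reasons.append("double extension hides the real type")
    return reasons


def inspect_zip(data):
    """Map each suspicious zip member to its reasons, checking names and magic bytes."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = suspicious_reasons(info.filename)
            with zf.open(info) as fh:
                if fh.read(2) == b"MZ":  # DOS/PE executable header
                    reasons.append("MZ header: Windows executable regardless of name")
            if reasons:
                findings[info.filename] = reasons
    return findings


def scan_email(raw_bytes):
    """Scan every attachment of a raw RFC 5322 message; zip archives are opened one level deep."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        reasons = suspicious_reasons(name)
        if reasons:
            findings[name] = reasons
        if zipfile.is_zipfile(io.BytesIO(payload)):
            for member, why in inspect_zip(payload).items():
                findings[f"{name}:{member}"] = why
    return findings


def build_sample_email():
    """Constructed lure resembling the article's email; addresses and filenames are invented."""
    msg = EmailMessage()
    msg["From"] = "LogMeIn Support <support@logmein.example>"
    msg["To"] = "customer@example.net"
    msg["Subject"] = "New security certificate"
    msg.set_content("Download the attached certificate. "
                    "Update will be automatically installed by double click.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # fake PE stub: an MZ header followed by padding, not a real program
        zf.writestr("LogMeIn_Certificate.scr", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"Please install the certificate.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="certificate.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for item, why in scan_email(build_sample_email()).items():
        print(item, "->", "; ".join(why))
```

The name check and the magic-byte check are deliberately separate: the first catches the ".scr" tell Ullrich noticed even when an archive is password-protected or truncated, while the second catches an executable that has been renamed to something innocuous. A mail gateway would normally apply both and quarantine the message rather than rely on the recipient spotting the extension.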

Another easy way to tell whether or not the email was a fake would have been to ask customer support directly. LogMeIn employees would easily have spotted the email as a fake and let him know.
