Bogus Electronic Mail Masquerading as LogMein Intercepted
Security researchers warn of fake e-mails posing as messages sent from LogMein the provider of PC access service from remote as they hit users' inboxes, thus reported net-security.org.
Expressing gratitude to recipient, the bogus e-mail cites the reason as him buying LogMein Pro in connection with 25 PCs by paying $99. The payment, according to the message, has been obtained via successfully charging the sum to the recipient's credit card.
It's also said that user can see the transaction details from a Microsoft Word document attached along with.
But, LogMein hasn't sent the e-mail. Also, by viewing the attachment, there'll be instruction for enabling macros supposedly in order that there would be right display of the 'receipt.'
Nevertheless, enabling macros results in harmful macros that can take down as also plant other kinds of malicious programs onto Windows PCs. When planted, these malicious programs can pull down further malicious codes while make the contaminated PC a zombie for certain botnet.
Moreover, the header along with so-called payment sum can be varied as per the e-mail's different versions, with some versions containing a Microsoft Excel attachment instead of the Word.
Thus security researchers suggest that anyone getting the above kind of e-mails mustn't click any web-link else view any attachment inside them. Further, they should keep macros deactivated within Microsoft Office unless there's any special purpose for using them.
Unfortunately, cyber-criminals have targeted LogMein earlier also, researchers remark.
Security experts spotted cautiously-constructed fake e-mails supposedly from the automatic mailing system of LogMein. Those messages' caption notified receivers about an invoice issued after providing them service of the company. Probable victims were notified that there was a pending Pro-subscription (pertaining to the service) on one particular date for which the invoice had been issued. The e-mails tried to be legitimate so they displayed one web-link apparently leading onto LogMein's support site as well as onto so-called address related to the online bill. Nevertheless, the web-links wouldn't work so end-users were forced towards opening the attachment for taking down the invoice while ending up with a zipped archive actually containing info-grabbing malware.