At a glance.
- Phishing scam involves LinkedIn account notifications.
- Update on the Tulsa, Oklahoma, data breach.
- Cancer patient sues over healthcare data exposure.
- Irish data authority will investigate Facebook privacy policies.
- HelloKitty ransomware now out in a Linux-based version.
Phishers use Google Forms to bypass detection.
Researchers at Armorblox investigate a phishing scam revolving around LinkedIn account notifications. Using a hijacked Nigerian university email account, the hackers sent messages bearing LinkedIn branding claiming the target’s LinkedIn account had been locked. All links in the email lead to the same fraudulent LinkedIn sign-in page hosted on Google Forms, and because Google Forms is trusted by default by Google Workspace email platforms, the scammers are able to dodge authentication checks. The operation highlights the need for organizations to implement more robust email security protocols.