Defending Against Phishing Scams
You and your users should be aware that suspicious emails are sometimes sent to LogMeIn Pro users. Such messages simulate GoTo email formats to appear authentic, but do not originate from GoTo. They are designed to convince you to voluntarily disclose personal information, download an attachment or follow a link to a malicious site or application.
Here's how to recognize a scam message:
- Valid links in our emails most commonly point to logmein.com, logmeinrescue.com, or goto.com. If the destination is different, the message is most likely fake.
- Hover your mouse pointer over the link for a couple of seconds.
- Check the actual destination at the bottom left of your browser window, or in the tooltip that appears above the link.
Recognizing fake link destinations
- Watch out for fraudulent alerts that urge you to take action immediately, usually regarding account closure, an expiring subscription, or compromised security.
- Be wary of any message with bad grammar/spelling or inconsistent style.
- Be suspicious of embedded forms in an email – Never submit sensitive, personal or confidential information via forms embedded within email messages.
If you are unsure an email is coming from us:
- Do not click any of the links
- Delete the message to keep your personal data safe
- Do not disclose personal information – Never ever send any information about your account in an email
- Send the entire message to us so we can track down its source
- Make sure your receiving mail server performs a Sender Policy Framework (SPF) check
- SPF allows recipients to verify sender identity (at the organizational level) by allowing domain owners to publish, via DNS, the IP addresses that are authorized to send emails from the specified domains
- Ask your mail server administrator to configure SPF validation; this is usually done in the spam filter
If you have accidentally opened an attachment or clicked on a link:
- Change your password on your account
- Clean your computer system of possible malware
- Contact your anti-virus vendor for removal steps if you are unsure
- The Anti-Phishing Working Group is an organization tasked to help to fight phishing scams; you can report phishing at http://www.antiphishing.org/report-phishing/
Resources: