As part of our ongoing commitment to security, we want to make our users and the public aware of a new report of malicious software impersonating LogMeIn updates to Point of Sales (PoS) systems.
On Friday, January 19, 2018, a security researcher from Forcepoint (https://www.forcepoint.com/) reached out to LogMeIn’s Security Team and provided details on a suspected PoS-based malware. According to our investigation, the malware is intended to deceive an unsuspecting user into executing a malicious email, link or file, possibly containing the LogMeIn name.
This link, file or executable is not provided by LogMeIn and updates for LogMeIn products, including patches, updates, etc., will always be delivered securely in-product. You will never be contacted by us with a request to update your software that also includes either an attachment or a link to a new version or update.
This potential malware is being delivered through channels independent of our solutions and we have no evidence at this time to believe that the LogMeIn environment or our products have been compromised as a result thereof.
As always, we encourage users follow standard best practices to safeguard their accounts against phishing and social engineering which include:
- Only accept updates directly from within your LogMeIn product. We will never deploy a software update via email.
- Beware of phishing attacks. Do not click on links from people you don’t know or that seem out of character from your trusted contacts and companies.
- Turn on 2FA for email, and other services like your bank, Twitter, Facebook, etc. Two-factor authentication remains one of the most effective ways to protect your account from targeted attacks.
- Set a strong, random password for email and for every online account.
As with all suspicious emails, please read carefully and review the website links in these messages. Please be sure to delete these messages if you receive them.