Two phishing emails making the rounds

We’re getting reports from both LogMeIn users and the general public of suspicious emails. These appear to be part of a blanket phishing attempt. While there are some differences, all of the emails reported to us are made to look like receipts, with subject lines like “Your LogMeIn Pro payment has been processed!” and “Order Confirmation #789508 for <your email address>.” We want to make it clear that these did NOT come from LogMeIn and people should not click on or open any of the attachments in the email. As part of our commitment to security, we want to make sure our users and the public are aware of this specific email, and we wanted to share what we’ve learned, as well as provide an easy way for people to identify the telltale signs of phishing attacks.

Also, please note that LogMeIn employs DMARC, SPF and DKIM on emails sent from a @logmein.com address. These allow the recipient email server to make sure that the email was sent from an authorized source and that its contents are intact.

The checks are performed on the receiver side. All major email providers, for example Google, Yahoo and Outlook.com, support these standards.

If you received one of these emails, please contact your email administrator and point her to this web site http://dmarc.org/, as your email server is not checking for DMARC.
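A receiver-side check of the kind described above, as an added example that is not LogMeIn's code: it reads the Authentication-Results header (RFC 8601) that a DMARC-checking server stamps on delivery and classifies mail claiming a logmein.com sender. The authserv-id `mx.example.net`, the sender address and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: authserv-id of your own receiving server
PROTECTED_DOMAIN = "logmein.com"

def auth_results(msg, trusted=TRUSTED_AUTHSERV):
    """Collect spf/dkim/dmarc verdicts from the trusted Authentication-Results headers only."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        ident = authserv.split()
        # A header stamped by any other host may have been injected by the sender.
        if not ident or ident[0].lower() != trusted:
            continue
        for method, result in re.findall(
                r"(?:^|;)\s*(spf|dkim|dmarc)\s*=\s*(\w+)", rest, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def classify(raw):
    """Classify a raw message that may claim to come from PROTECTED_DOMAIN."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain != PROTECTED_DOMAIN and not domain.endswith("." + PROTECTED_DOMAIN):
        return "not-claimed"
    dmarc = auth_results(msg).get("dmarc")
    if dmarc is None:
        return "unchecked"  # receiving server recorded no DMARC evaluation
    return "authenticated" if dmarc == "pass" else "spoof-suspect"

# Constructed sample: spoofed receipt carrying a forged "pass" header from another host.
SPOOFED = """\
Authentication-Results: mx.example.net;
 spf=fail smtp.mailfrom=logmein.com;
 dkim=none; dmarc=fail header.from=logmein.com
Authentication-Results: sender.invalid; dmarc=pass header.from=logmein.com
From: LogMeIn <billing@logmein.com>
Subject: Your LogMeIn Pro payment has been processed!

Dear client,
"""
# Constructed sample: the same message as delivered by a server that does not check DMARC.
UNCHECKED = SPOOFED.split("\n", 3)[3]

if __name__ == "__main__":
    print(classify(SPOOFED), classify(UNCHECKED))
```

The "unchecked" result corresponds to the situation in the paragraph above: the message reached the inbox because no DMARC evaluation was recorded by the receiving server.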

The email subject lines are:

  • Your LogMeIn Pro payment has been processed!
    Or
  • Order Confirmation #789508 for <your email address>

Intended behavior/action: Tries to get you to open the corresponding attachment or a link, which contains a malicious file.

The email body text examples are:

Example one:
Dear client,

Thank you for purchasing our yearly plan for LogMeIn Pro on 25 computers.

Your credit card has been successfully charged.

Date : 17/2/2015
Amount : $720 ( you saved $549.75)

The transaction details can be found in the attached receipt.

Your computers will be automatically upgraded the next time you sign in.

Thank you for choosing LogMeIn!

Example two:
Dear customer,

Thank you for purchasing our yearly plan for LogMeIn Pro on 25 computers.

Your order has been processed and your credit card has been charged.

For more information regarding this order, please review the attached order confirmation invoice.

To open the invoice, Microsoft Word must be installed on your computer and macros feature must be enabled.

LogMeIn Account: <your email address>
Date : 30 March 2015
Amount : $720
Credit Card : XXX-XXX-XXXX-8012

Your computers will be automatically upgraded the next time you sign into your account.

Thank you for choosing LogMeIn!

As with all suspicious emails, please don’t open/download any attachments in these messages. We’ll update this post if we learn more, but please be sure to delete these messages if you receive them. We also recommend taking a look at our primer on how to protect yourself against phishing attacks.

Written by Attila Torok

Attila is a Security Engineer at LogMeIn

One thought on “Two phishing emails making the rounds”

  1. Yes…Phishing Emails got to my email inbox today…

    Dear customer,
    Thank you for purchasing our yearly plan for LogMeIn Pro on 100 computers.
    Your order has been processed and your credit card has been charged.
    For more information regarding this order, check the attached order confirmation receipt.

    Date : 31 March 2015
    Amount : $2750
    Credit Card : XXX-XXX-XXXX-7023

    Your computers will be automatically upgraded the next time you sign into your account.

    Thank you for choosing LogMeIn!
