Danger Phishing Sign
Home COVID-19 Fake ‘Security Update’ Email Targets LogMeIn Users

Fake ‘Security Update’ Email Targets LogMeIn Users

by Brett M. Christensen

If you use the remote access service LogMeIn, keep an eye out for a fake email claiming that a security update has been released.

The email is a phishing scam designed to steal your LogMeIn account access credentials.

The email, which features the LogMeIn logo, has the subject line “A New Update Has Been Released”.

The body of the email says in part:

A security update has been released. In order to improve the confidence of our customers on security of our services, LogMeIn team has released today a new security update.

The scam email claims that the security update is to provide a fix for a “zero-day vulnerability in both LogMeIn Central and LogMeIn Pro”. It urges you to click a link to apply the update and warns that your subscription will be suspended if you don’t comply.

If you do click, you will be taken to a fake login page that has been built to mirror the genuine LogMeIn website. The information you supply can be collected by criminals and used to access your LogMeIn account.

A warning about the attack on the LogMeIn blog notes:

Please take note this is NOT a LogMeIn email and did NOT come from someone at LogMeIn.  You will never receive an email asking you to apply an update.

If you received this email and clicked on the link, we recommend immediately changing your LogMeIn password and enabling two-factor authentication on your account, as well as your users’ accounts.

LogMeIn Assures Customers That LastPass Data Not Impacted

LogMeIn is the parent company of the popular password manager LastPass. This has apparently prompted some commentators to suggest that the scammers may have been attempting to access LastPass customer data via this LogMeIn phishing attack.

However, the company says that this concern is unwarranted, noting:

While LastPass offers single-sign-on functionality in its business solution, this functionality is not available in LogMeIn Pro or Central, and therefore does not provide access to any data in LastPass.

COVID-19 Scammers Targeting Remote Workers

Due to the COVID-19 pandemic, many more people around the world are working remotely. Remote access and collaborative services such as LogMeIn have seen a significant increase in usage. Predictably, criminals have been quick to exploit this via phishing scams and other attacks aimed at people working remotely.

During these challenging times, we need to remain especially vigilant.

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,