LinkedIn users targeted by phishing scams after hacker attack

LinkedIn Corp. said it was not aware of any user accounts being compromised as a result of an attack by a hacker who obtained 8 million passwords and posted them online.

The professional social networking website said Thursday that it had not received “verified reports of unauthorized access” to its users’ accounts since the breach earlier this week.

But that didn’t address users coming under attack from phishing scams that are using the incident to steal log-in names and passwords.

The latest LinkedIn predators are sending users phony emails meant to resemble official messages sent by the company. Phishing scams often include links to websites disguised as real log-in pages to trick users into entering their log-in names and passwords. Other phishing scams ask users to open attachments that infect their computers.

The slew of phishing scams has been confirmed by security experts online.

LinkedIn on Thursday said it had previously addressed phishing scams in a 2010 blog post advising users to be cautious when opening emails from senders claiming to be LinkedIn and to look for typos and faulty links — clues that such emails are not legitimate.

LinkedIn was not alone in falling victim to the attack that exposed 8 million passwords. The hacker also targeted the website of EHarmony Inc., which confirmed the hacking, and BBC reported that music website Last.fm also may have been targeted.

Last.fm told the BBC that some of its members’ passwords had been leaked, and it posted a message on its website instructing users to change their passwords.

Users of any of these sites are advised to be safe and change their passwords. Use long passwords that include numbers as well as both capital and lowercase letters. Also, do not use the same password for all your online accounts.

salvador.rodriguez@latimes.com

Times staff writer Andrea Chang contributed to this report.