Poorly crafted LogMeIn password reset email looks phishy, but isn’t

LogMeIn has been sending out password reset emails to some of its customers, to prevent account hijacking fuelled by the recent spate of massive login credential leaks.

Unfortunately, their own legitimate email looks too much like a phishing message that many customers began reporting them as such to the company:

As SANS ISC handler Rob VandenBrink pointed out in the above image, two of the links included in the message look “phishy”, indeed.

“The blog entry in the email points blog.logmeininc.com is different than the blog on logmein’s home page, which is at blog.logmein.com. And accounts.logme.in is a domain that truly looks like it was set up to steal credentials,” he noted.

“This is absolutely awful… sets off almost all of the phishing alarms I’m preaching my users,” one commenter pointed out. “They have about 12 different blogs, so even going to logmein.com manually and looking at the blog linked there does not get you any info related to the stated issue (that’s on a sub-blog of LogMeIn Pro / logmeininc.com).”

Nevertheless, the emails are legitimate.

“Accounts.logme.in is one of our publicly available domains, and the email you are looking at is ours,” the company replied to a user who also believed that the password reset link looked like it might lead to a phishing page.

LogMeIn, whose many products and services are widely used by businesses, did a good job forcing a password reset for accounts that might be endangered by the recent leaks, and by offering good advice on choosing a new password, as well as on spotting phishing attempts.

Too bad they didn’t follow it themselves, especially because their customers have been targeted with phishing emails just two weeks ago.