![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
![[livejournal.com profile]](https://www.dreamwidth.org/img/external/lj-userinfo.gif){kind=small}
aneirin_awenyd pointed me to this article on the BBC, which mentions a scam that is using the LinkedIn security issue to take people to a spam site. That's *relatively* innocuous (although the odds are high that the site is full of malware), but does point up a risk to be careful about: it is near-certain that the bad guys will take advantage of the situation for phishing schemes.LinkedIn *may* send out an email about the issue, describing how to change your password; that's fine. But if you get an email saying to do so that has a *link* to a login or password-change page, do not click it. Good security practice is to never send such things, and it will probably take you to a phishing site instead, that will try to steal your password.
This is a basic security-practice thing, and worth keeping in mind. Notifications that say something like, "You should go to our site, log in normally, and do this maintenance" are usually on the level. Ones that provide a link to a login page are, 80% of the time, scams that are trying to steal your password. When in doubt, go to the site yourself (not via a link), log in normally, and find the "My Account" link or whatever the site's equivalent is...