In the meantime, one security researcher posted details online of how he was able to spoof the profile information LinkedIn drops into the iOS Mail app and the relative ease with which this facilitates a phishing attack.
None of that, however, deterred Jordan Wright, a security engineer at CoNetrix, who managed to spoof the Intro profile information inserted into a Mail client message.
Wright posted some details on his blog. He started by intercepting the security profile sent to an Apple device; this profile installs the new email account, which acts as a proxy that sits between LinkedIn’s IMAP and SMTP servers. From the profile, he was able to recover the username and password used to log into LinkedIn’s services. Using that information, he was able to see the content LinkedIn’s IMAP proxy injects into an email and, ultimately, to hide the existing Intro data in favor of spoofed data he injected into the message.
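For defenders reviewing a profile before it is installed, the sketch below flags mail-account payloads that embed credentials or route mail through hosts outside the organisation's own domain. It is an added example, not code from Wright's post or from LinkedIn. It assumes an unsigned XML `.mobileconfig`; the sample profile, host names and the `audit_mail_payloads` helper are constructed for illustration.

```python
import plistlib

# Constructed sample profile (not LinkedIn's actual profile); host names and
# credentials are placeholders.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.mail.managed</string>
    <key>EmailAccountType</key><string>EmailTypeIMAP</string>
    <key>EmailAddress</key><string>user@example.com</string>
    <key>IncomingMailServerHostName</key><string>imap.proxy.example.net</string>
    <key>IncomingMailServerUsername</key><string>proxy-user-placeholder</string>
    <key>IncomingPassword</key><string>placeholder-secret</string>
    <key>OutgoingMailServerHostName</key><string>smtp.proxy.example.net</string>
    <key>OutgoingPassword</key><string>placeholder-secret</string>
  </dict></array>
</dict></plist>"""

SECRET_KEYS = ("IncomingPassword", "OutgoingPassword")
HOST_KEYS = ("IncomingMailServerHostName", "OutgoingMailServerHostName")

def _in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def audit_mail_payloads(profile_bytes, expected_domain):
    """Return one finding per mail payload; secret values are never returned."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.mail.managed":
            continue  # only mail-account payloads are relevant here
        hosts = [payload[k] for k in HOST_KEYS if k in payload]
        findings.append({
            "account": payload.get("EmailAddress"),
            # Key names only: which credential fields are stored in the profile.
            "embedded_secrets": [k for k in SECRET_KEYS if payload.get(k)],
            # Mail servers that are not under the organisation's own domain.
            "third_party_hosts": [h for h in hosts
                                  if not _in_domain(h, expected_domain)],
        })
    return findings

if __name__ == "__main__":
    for finding in audit_mail_payloads(SAMPLE_PROFILE, "example.com"):
        print(finding)
```

A signed profile is wrapped in a CMS envelope and has to be unwrapped before `plistlib` can read it.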