Phishing, unfortunately, is a common hacker tactic on the Internet, and Facebook has been a victim of this type of attack, using bogus “friend” requests sent via e-mail, for some time now. I suppose, due to the increasing popularity of LinkedIn (there are now more than 75,000,000 business professionals), LinkedIn has now been targeted too!
If you are a LinkedIn user (who’s not nowadays?) you must beware of a new Phishing attack delivered in the guise of LinkedIn invitations and LinkedIn messages. Over the past few days, starting on Friday, 08/13/2010, I have received many e-mail messages which appear to be legitimate LinkedIn invitations and/or LinkedIn messages.
These e-mails look 100% authentic, but there are two tell-tale signs that they are not legitimate:
1. If you look carefully at the target of the links embedded in the e-mail messages, you will find that they all go to third-party web sites, which will most likely attempt to install some type of malware on your computer.
2. You will not get a copy of the message in your LinkedIn Inbox; it will only go to the e-mail address that you registered at LinkedIn.
Below are example screen shots of each of the two different messages I’ve received. The first appears to be a legitimate LinkedIn invitation:
The second looks like a legitimate LinkedIn update message:
As you can see in the second example, when I mouse over the link, it DOES NOT point to LinkedIn. If you use Outlook (shown in the screen shot), simply mouse over the link (do not click it) and it will show you the target. If the target doesn’t point to LinkedIn, the message is not valid. If you use some type of web mail like Yahoo Mail or Gmail, mouse over the link (without clicking it) and look in the status bar in the lower left-hand corner of your browser to see the target.
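The same hover check can be run over the HTML body of a message. The Python sketch below is an added example, not part of the original post; the trusted domain `linkedin.com`, the `http://` scheme on the cernoma.com link, and the sample HTML (including the `linkedin.com.example.net` look-alike host) are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "linkedin.com"  # assumption: real LinkedIn mail links only here

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(href, domain=TRUSTED_DOMAIN):
    """True only if the link's real host is the domain or a subdomain of it."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower().rstrip(".")
    return parts.scheme in ("http", "https") and (host == domain or host.endswith("." + domain))

def suspicious_links(html_body):
    """Return (href, text) for every link whose target is off the trusted domain."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(href, text) for href, text in collector.links if not is_trusted(href)]

# Constructed sample modelled on the message quoted in this post.
SAMPLE = """
<a href="http://cernoma.com/x.html">View invitation from Eli Castro</a>
<a href="http://www.linkedin.com/">LinkedIn</a>
<a href="http://www.linkedin.com.example.net/login">http://www.linkedin.com/login</a>
"""

if __name__ == "__main__":
    for href, text in suspicious_links(SAMPLE):
        print(f"SUSPICIOUS: {text!r} -> {href}")
```

The check compares the parsed host name rather than the visible link text, so a link that merely displays a LinkedIn address, or whose host only begins with `www.linkedin.com`, is still flagged.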
Here are two interviews that I did on Fox 19 about social media scams and Phishing:
I have contacted LinkedIn customer service to inform them about this issue; you can see their response below:
LinkedIn Customer Support Message
Subject: I think LinkedIn is the victim of a Phishing attack using LinkedIn invitations
Please be cautious in opening any attached files included in these types of malicious spoof emails as they may contain Malware which could be damaging to your system.
Your privacy is our top concern. We work hard to earn and keep your trust, so we adhere to the following principles to protect your privacy:
We will never rent or sell your personally identifiable information to third parties for marketing purposes.
We will never share your contact information with another user without your consent.
Any personally identifiable information that you provide will be secured with all industry standard protocols and technology.
We thank you for contacting us about this matter and apologize for any inconvenience the malicious sender may have caused. If you ever receive any communications which you feel are suspicious in nature, please do not hesitate to contact us again.
Groups Lead, LinkedIn Customer Service
Member Comment: Dave Hatter 08/13/2010 01:01 PM
I got this e-mail today which looks like a legitimate LI invitation.
However, each link points to cernoma.com/x.html.
Thought you should know about this so you could check it out and inform users. Here’s the body; a screen shot is attached too.
Eli Castro has indicated you are a Colleague at Interbrand:
I’d like to add you to my professional network on LinkedIn.
– Eli Castro
View invitation from Eli Castro
DID YOU KNOW your LinkedIn profile helps you control your public image when people search for you?
Setting your profile as public means your LinkedIn profile will come up when people enter your name in leading search engines. Take control of your image!
© 2010, LinkedIn Corporation
Would you like to learn more about how to harness the knowledge and expertise of your network?
Find training resources on the LinkedIn Learning Center or browse FAQs on the LinkedIn Customer Support Center.
Check out New on LinkedIn or follow us on Twitter®.
LinkedIn values your privacy. At no time has LinkedIn made your email address available to any other LinkedIn user without your permission.