Spear Phishing Scam Targets LinkedIn Users
About 10,000 users of LinkedIn.com, the social networking site for professionals, recently were targeted by a tailor-made scam that urged recipients to open a malicious file masquerading as a list of business contacts.
Most e-mail-based malware attacks and phishing campaigns designed to trick people into handing over personal and financial data generally are blasted out indiscriminately. But so-called "spear phishing" attacks -- such as the bogus LinkedIn campaign -- address recipients by name in the subject line and body of the message to appear more legitimate.
The messages in this campaign were of course spoofed to look like they were sent from email@example.com, with the subject line "Re: business contacts." The message read:
We managed to export the list of business contacts you have asked for.
The name, address, phone# , e-mail address and website are included. The list is attached to this message. After you you check it , could you please let me know if it is complete so we can close the support ticket opened on this matter.
Thank you for using LinkedIn
Technical Support Department
From: [recipient's name]
Subject: business contacts
Date: Friday, September 19 , 2008, 11:38 AM
I would like to know if it is possible to export my business contact list from LinkedIn and save it on my hard drive.
I have tried to do that but it seems that the website stops responding after I press export. Can you export it and send it to me ASAP? It's urgent.
The "list" attached to the message was malicious software that attempts to steal user names, passwords and other sensitive data from the victim's PC. A security industry source who asked to remain anonymous forwarded Security Fix the scam e-mail used in this attack. The source said the roughly 10,000 people who received the message all were LinkedIn users.
Spear phishing attacks are not new. We have seen very similar assaults that spoof the Better Business Bureau and the Federal Trade Commission. They're worth pointing out, though, because they usually have a much higher "success rate" than regular phishing and malware attacks.
I have often wondered how long it was going to take crooks to start picking on LinkedIn. The user base is a target-rich environment that is chock full of C-level executives. What's more, once the scammers have hooked a user, they can then exploit the trusted relationships that make up that person's network and mine those contacts for future attacks.
As I have previously grumbled about online greeting cards, services such as LinkedIn condition people to click on links in e-mail they were not expecting. While this attack was successful only against people who opened the attachment, scammers could just as easily have substituted a malicious link for the usual "Join My Network on LinkedIn" hyperlink included in all new contact request invitations.
If you are unsure whether a message that appears to be from LinkedIn is legit, you can always sign in to your LinkedIn account, check your inbox, and confirm that the message is waiting there as well.
LinkedIn spokesperson Krista Canfield said that the messages were not sent through LinkedIn's own network and that the company received inquiries from LinkedIn users about these e-mails and responded to each inquiry with instructions.
LinkedIn says users should only connect to people who they know and trust or people who they have actually met and worked with before. The site includes a list of other security and privacy settings and tips for users on the LinkedIn customer service page.
October 8, 2008; 4:31 PM ET