Follow GFI:
Find us on Facebook Follow us on Twitter Find us on Linkedin Subscribe to our RSS Feed Find us on YouTube Find us on Google+

New Phishing Campaign Targets LinkedIn Users with Fake Reminders

on November 9, 2012

Phishing attackers are always looking for a new angle, and the latest attacks making the rounds look to fool victims using LinkedIn Reminders as their angle. Unlike so many other phishing attacks that are seen every day, these actually look pretty good – in fact, almost better than the real ones!

If you are a LinkedIn user, you probably get an occasional invite asking you to connect with someone. Maybe it’s a coworker, a vendor or a customer, or maybe it’s someone you’ve never even heard of before – that happens quite frequently in fact. While you’d respond immediately to the requests from people you know, you’d probably let the ones you don’t recognize sit for a while, and plan to get around to them when you have some free time.

Fast forward a couple of days and LinkedIn will send you a reminder email that you have an invite pending. Again, that’s no big deal and most of have probably seen these before. It’s the run of the mill nature of these reminders that is being exploited in this new phishing campaign.

The attacker(s) are sending fake LinkedIn reminder messages that, at first glance, look more authentic than the real thing. The first one I got almost fooled me! Fortunately I am just in the habit of looking at URLs when I mouse over links and that is what saved me. Each one of the links goes to some site in China hosting malware or a fake login page. Here’s what the fake message looks like:

And here’s what the real one looks like:

There are three things to focus on:

  1. The From address does not match typical LinkedIn emails, which use a no-reply address in their domain.
  2. In the fine print, it looks like the attacker’s script had an error, as it says “This message was sent to .” Notice, there is nothing after the “to” but a period.
  3. If you mouse over the links, none of them go to LinkedIn pages. All go to some site in China.

Of course, the above are just screenshots and not the real messages. We don’t want someone to accidentally click a link in the fake message. I also changed the From name to protect the innocent.

Email admins need to be aware of these attacks, key in on the wording that can be used to update filters, and also to raise awareness amongst their coworkers. I expect that more people use their personal email for LinkedIn than their business address, and awareness is going to be the best line of defense against these sorts of attacks. Help your uses protect themselves by sharing this article, or sending your own “heads up” so they know about this before they become a victim.


Like our posts? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first to get them!


About the Author:

Christina is Web Marketing Content Specialist at GFI Software. She is a keen blogger and has contributed content to several IT sites, besides working as an editor and regular contributor to Talk Tech to Me. Christina also writes for various publications including the Times of Malta and its technology supplement.

Jarek January 3, 20133:25 pm

OK, but then what if you mistakenly have clicked on such reminder and opened the website?

Christina Goggi January 4, 20133:10 pm

Then you need to inform your support desk or information security team so that they can run a malware scan, and take any appropriate actions to change credentials if you did more than just click. And they need to understand that people are people, can and will make mistakes, and their job is to tend to the issue, not chastise the user for making a simple and entirely understandable error.

Deborah Jane February 12, 201311:50 pm

This sounds like good advice, but I’m perplexed as to why solutions to problems like this one (and I clicked too; was caught off-guard this time) so often just instruct users to have our support desks or system administrators or information security teams, etc., fix it, as if everybody has those. I’m an at-home computer user who came here seeking help, but I’m my own support desk and security team and everything else. I can’t just deflect this problem. So now what? What are those “appropriate actions” other than running a malware scan?

Christina Goggi February 18, 201312:22 pm

Hi Deborah, great question! Here’s the rundown of what I like to do:

1. Make sure your antivirus software is completely up to date.
2. Run a complete scan of your system. You may have to dig into the options, as many a/v products default to a quick scan. You want a complete scan.
3. Address any issues that the scan finds.
4. While you are focused on the system, apply any operating system or application updates that it needs. Don’t forget Flash, Adobe Acrobat Reader, etc.
5. Reboot
6. Run another complete scan after the reboot just in case there was something waiting for a restart before it executed.
Hope that helps :)