New LinkedIn phishing email making the rounds

Code

It seems that LinkedIn cannot catch a break. After a rather large data breach that resulted in the theft of a large number of user account information (including unsalted passwords protected by an outdated encryption scheme) there is now a new phishing email making the rounds that is aimed specifically at LinkedIn users.  Although phishing emails that target users of social networks are nothing new this one is the first that we have seen that targets LinkedIn users and also appears to be sent directly to LinkedIn user email addresses.

We first saw the new email back in December and thought it was a standard spam/phishing email much like the ones we have gotten in our junk mailbox (Hotmail) for years. However we quickly noticed that we were not getting this email in any other email accounted except for the one that was tied to our LinkedIn account. To test this we created a new LinkedIn account using an existing email address and also reopened an old LinkedIn account using another email address. Both of these addresses are now getting the new emails about once a week.
linkedin02

The Emails appear authentic although the formatting is not correct for the type that they are claiming to be. They often come in along with other communication from LinkedIn which can make them hard to spot. They are almost always formatted to appear like they are an invitation to connect from a LinkedIn user with links in them to view the user’s profile and to go to your Inbox to check things out. Unfortunately clicking on any of the links in the email take you to someplace that you do not want to go. The address that they are attached to is "agnesyipmua.com/wp-content/plugins/akismet/track.php?c005". This address has nothing to do with LinkedIn and appears to try and install tracking software on your system. We tried to grab the php file, but the people pushing this scam have thought ahead and are blocking the download of the page as well as preventing direct access to the file.
linkedin

The good news is that the formatting is off for both an invitation to join someone’s LinkedIn network and for a message that is waiting in your inbox. This makes spotting them a little easier than some of the other phishing attempts we have seen. The downside is that these are targeting emails and not sent out to a mass amount of users. The emails will come to you directly instead of to multiple users in a list (like many of the Facebook phishing emails that are going around). We have to wonder how the people behind this are getting access to LinkedIn users’ email addresses. Is this fallout from the breach that happened earlier this year or has someone else gotten into the system and managed to grab another users list? Either way we recommend checking twice before responding to, or clicking on a link in any messages that look like they are coming from LinkedIn; at least for the time being.

Tell us your thoughts on this new issue in our Forum

No comments

Leave your comment

In reply to Some User