Debunking email hoaxes and exposing Internet scams since 2003!

Issue 142 - November 2012 (1st Edition) - Page 14

LinkedIn 'Invitation to Connect' Malware Emails

Email purporting to be from the business-focused social network LinkedIn asks recipients to click buttons to accept or ignore an invitation to connect to a LinkedIn user.

Brief Analysis
The message is not from LinkedIn. Links in the message open various compromised websites that redirect to sites that harbour malware. This malware campaign is very similar to another current campaign that uses fake 'blocked account' notifications purporting to be from Facebook. If you receive one of these messages, do not follow any links that it may contain.

Last updated: October 17, 2012
First published: October 17, 2012
Article written by Brett M. Christensen
Research by Brett Christensen, Matthew Christensen
About Brett Christensen and Hoax-Slayer

From: LinkedIn.Invitations
Subject: Invitation

Hi [email address removed]

David sent you an invitation to connect 4 days ago. How would you like to respond?

Accept Ignore Privately

[Name Removed]
OfficeMax (Divisional Managing Director)

LinkedIN Malware Email

Detailed Analysis
This email, which masquerades as a member invitation from the popular business-focused social network LinkedIn, asks recipients to respond to the invitation by clicking either "Accept" or "Ignore". The message also includes an unsubscribe link and a link supposedly leading to more information about the message. The email includes the LinkedIn logo and looks very similar to a genuine LinkedIn invitation message.

However, the message is not from LinkedIn. All of the links in the message lead to compromised websites that have no connection to LinkedIn. Once a user lands on one of these websites, they are shown the message, "Please wait.....connecting to server". The site then redirects to another website that harbours malware. Typically, it appears that the sites contain a version of the criminal toolkit known as the BlackHole Exploit Kit. BlackHole is a web application used by criminals to exploit browser vulnerabilities as a means of downloading and installing trojans and other types of malware.

Facebook users are also currently being targeted in a very similar malware/phishing campaign in which they receive fake "blocked account" notifications purporting to be from "The Facebook Team". And another recent BlackHole campaign used fake emails claiming to be from payroll company ADP.

In fact, LinkedIn has regularly been targeted in such malware and phishing attacks. A similar distribution of bogus LinkedIn invitations took place back in September 2010, and there have been various other such attempts since. Always ensure that LinkedIn messages are really from LinkedIn. Scam emails often use HTML to disguise links in their bogus messages. Holding the mouse cursor over a link in the email should display the underlying web address in your email client's status bar and allow you to easily detect if the link is disguised.

It is always safest to log in to all of your online accounts by entering the account web address into your browser's address bar rather than by clicking a link in an email.
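
The hover check described above can also be done programmatically. The following is an added example (not part of the original article) that parses an HTML email body and reports every link whose real destination host is not linkedin.com; the sample message, the `.example` hostnames and the allow-list are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the only hosts accepted as genuine for a LinkedIn-branded message.
EXPECTED_SUFFIXES = ("linkedin.com",)

# Constructed sample body; the .example hosts stand in for compromised sites.
SAMPLE = """
<p>David sent you an invitation to connect 4 days ago.</p>
<a href="http://compromised-site.example/wp/inv.html">Accept</a>
<a href="http://www.linkedin.com.compromised-site.example/i">Ignore Privately</a>
<a href="http://www.linkedin.com@compromised-site.example/u">Unsubscribe</a>
<a href="https://www.linkedin.com/help">Learn more</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_expected_host(host):
    """True only for linkedin.com itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in EXPECTED_SUFFIXES)

def audit_links(html_body):
    """Return (visible text, real host) for each link that leaves linkedin.com."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    return [(text, urlsplit(href).hostname) for href, text in parser.links
            if not is_expected_host(urlsplit(href).hostname)]

if __name__ == "__main__":
    for text, host in audit_links(SAMPLE):
        print(f"SUSPICIOUS: '{text}' actually points to {host}")
```

The second and third sample links show why the comparison is made on the parsed hostname rather than on a substring of the URL: both contain "www.linkedin.com" but resolve to a different host.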


Facebook 'Blocked Account' Scam Email
ADP 'Transaction Reports' Malware Email
Fake LinkedIn Invitation Emails Point to Malware
Fake LinkedIn Email Leads to Pharmacy Spam Websites
Check Links in HTML Emails
