Issue 142 - Novemeber 2012 (1st Edition) - Page 14
LinkedIn 'Invitation to Connect' Malware Emails
Email purporting to be from business focused social network, LinkedIn asks recipients to click buttons to accept or ignore an invitation to connect to a LinkedIn user.
The message is not from LinkedIn. Links in the message open various compromised websites that redirect to sites that harbour malware. This malware campaign is very similar to another current campaign that uses fake 'blocked account' notifications purporting to be from Facebook. If you receive one of these messages, do not follow any links that it may contain.
Last updated: October 17, 2012
First published: October 17, 2012
Article written by Brett M. Christensen
Research by Brett Christensen, Matthew Christensen
About Brett Christensen and Hoax-Slayer
Hi [email address removed]
David sent you an invitation to connect 4 days ago. How would you like to respond?
Accept Ignore Privately
OfficeMax (Divisional Managing Director)
This email, which masquerades as a member invitation from popular business focused social network LinkedIn, asks recipients to respond to the invitation by clicking either "Accept" or "Ignore". The message also includes an unsubscribe link and a link supposedly leading to more information about the message. The email includes the LinkedIn logo and looks very similar to a genuine LinkedIn invitation message.
However, the message is not from LinkedIn.
All of the links in the message lead to compromised websites that have no connection to LinkedIn. Once a user lands on one of these websites, they are given the message, "Please wait.....connecting to server". The site then redirects to a another website that harbours malware. Typically, it appears that the sites contain a version of the criminal toolkit known as the BlackHole Exploit Kit. BlackHole is a web application used by criminals to exploit browser vulnerabilities as a means of downloading and installing trojans and other types of malware.
Facebook users are also currently being targeted in a very similar malware/phishing campaign in which they receive fake "blocked account" notifications
purporting to be from "The Facebook Team". And another recent BlackHole campaign
used fake emails claiming to be from payroll company ADP.
In fact, LinkedIn has regularly been targeted in such malware and phishing attacks. A similar distribution of bogus LinkedIn invitations
took place back in September 2010, and there have been various other such attempts
since. Always ensure that LinkedIn messages are really from LinkedIn. Scam emails often use HTML to disguise links
in their bogus messages. Holding the mouse cursor over a link in the email should display the underlying web address in your email client's status bar and allow you to easily detect if the link is disguised.
It is always safest to login to all of your online accounts by entering the account web address into your browser's address bar rather than by clicking a link in an email.
Facebook 'Blocked Account' Scam Email
ADP 'Transaction Reports' Malware Email
Fake LinkedIn Invitation Emails Point to Malware
Fake LinkedIn Email Leads to Pharmacy Spam Websites
Check Links in HTML Emails
Pages in this issue:
- Spiderman Window Cleaners Picture
- Post Circulating Rekindles a 1990's Anti-Margarine Email
- Rey Mysterio is NOT Dead
- UN Observers at USA Polls Protest Message
- Urban Legend - NASA Scientists Discover Biblical 'Missing Day'
- Windows Email Security Update Phishing Scam
- Does a Circulating Image Show A Rapist Coach Slashed by a Protective Mother?
- Hoax - 400 Marine Corps Dogs Need Homes
- Skype 'lol is this your new profile pic' Ransomware Warnings
- 'News Report' Claims Gonorrhea Spread Through Air
- DealsDirect Phishing Scam
- Facebook 'Blocked Account' Scam Email
- Bank of Queensland 'Security Message' Phishing Scam
- LinkedIn 'Invitation to Connect' Malware Emails
- Lloyds TSB 'Internet Banking Account Status' Phishing Scam
- NASA JPL Twitter Account Retweets Anti-Romney Material