| | | Effective PR

Fake LinkedIn e-mail draws in victims

Editorial Staff

Phishing scams are nothing new and nor are drive-by browser attacks. They usually involve a simple landing page injected into an insecure website which either effects the scam or attack or diverts the victim to another page. This one is different.

A search of LinkedIn generates no results for "Harris Harrison" of Unilever. So the idea that he - and eight other people - are waiting for responses from the recipient of the mail is strange. So is the fact that the victim may not, as in the case of the recipient who reported it to ChiefOfficers.Net had just cleared his inbox and there were no outstanding message.

The first hint that the mail is a fake is the outgoing e-mail address: metastasizesp2@soutohnos.com.ar which is said to belong to Harris Harrison LinkedIn.

The subject "LinkedIn new messages" is apparently innocuous.

The body of the mail is badly formatted: it appears as follows:

LinkedIn REMINDERS Invitation reminders: From Harris Harrison (DIRECTOR at UNILEVER) PENDING MESSAGES There are a total of 9 messages awaiting your response. Go to InBoxnow. Thismessage was sent to . Don't want to receive email notifications? Login to your LinkedIn account to Unsubscribe. LinkedIn values yourprivacy. At no time has LinkedIn made your email address available toany other LinkedIn user without your permission. © 2012, LinkedInCorporation.

The fake landing page is in the following domain: thelacemakersband.com

At first sight, it seems as if a genuine page may have been hijacked rather than a new page inserted. This would have the added advantage, from the attackers' point of view, that, in addition to the spam victims, genuine visitors to the site may happen upon the attacked page simply by browsing the site.