I was just writing an article about social media scams for a financial client’s website when I got an email from a LinkedIn connection about an “Incredible Opportrunity!” Now the offer was from a graphic designer so my spelling expectations weren’t high — but the connection was not one I’d expect to contact me about a business opportunity.
Forewarned by my research, I didn’t open the email. Instead I sent her an email from the address in my contact book asking her if she’d been hacked. Sure enough, all of her LinkedIn connections had received the same fraudulent offer — and she was at a loss as to what to do.
According to Symantec, there was a 70% increase in scams distributed by social media in 2015. LinkedIn’s more than 400 million members make attractive targets (by definition they have income or career ambitions).
A recent article in PC World noted, “there are multiple cases where attackers have used fake LinkedIn profiles to gather sensitive information about organizations and their employees. Knowing who is the manager of a particular department in a company or who is a member of the organization’s IT staff can be very useful in planning targeted attacks.”
In many instances, the phishing email is from an enterprising third-party marketer who gets paid for generating clicks — by clients who apparently don’t care about the quality of the clicks. In either case, it’s a misuse of LinkedIn that ought to be reported.
LinkedIn posted a warning in December 2015 cautioning members to beware of phishing messages that:
- Contain bad spelling and grammar, and aren’t addressed to you personally.
- Request you to act immediately.
- Instruct you to open an attachment or install a software update.
- Say they’re from “The LinkedIn Security Team” but have no security footer with your name and title.
If you receive a phishing message via LinkedIn, you’re encouraged to notify LinkedIn with an email to: firstname.lastname@example.org.