We’ve noticed in the last week there’s a new email phishing campaign that uses emails masquerading as LinkedIn connection requests.
Although most tech-savvy users long ago learned email security best practices (don’t click on links in emails unless you’re absolutely sure you know the source of the email), sometimes we get lulled into complacency and automatically click on links from trusted sources.
Most of us are probably keenly aware of the usual we’re-going-to-close-your-bank-account-and-lock-up-all-your-money emails that pretend to be from financial institutions and delete them out of hand. But many of us might have fallen into the trap of automatically clicking on links that seem to be from the social sites we use–especially when the email looks like the real thing.
The phishing emails we’ve been seeing that purport to be from LinkedIn look exactly like any other connection request from the social network. In the emails we’ve received, it appears as if the parties behind the phishing attempts have gone to the trouble of actually looking at our LinkedIn profiles, since the “connection requests” always come from people with tech creds, which would be normal for people wanting to connect with us. However, the links to accept the requests or to view the profiles don’t point to LinkedIn.
So far, we’ve received emails that link to sites with Russian and Polish top-level domains (.ru and .pl) and a .com address that’s registered to an organization in San Jose through a domain registration service in Australia. It’s not clear whether the purpose behind these attempts is merely spam for ecommerce sites or something more malicious.
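
The tell described above, that the accept and view-profile links don't point to LinkedIn, can be checked mechanically. The following is an added example, not part of the original post: it parses an HTML email and lists every link whose host is not linkedin.com or one of its subdomains. The sample message, its `.example` hosts and the function names are constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "linkedin.com"  # assumption: the only domain a real request links to

# Constructed sample message; hosts use the reserved .example TLD.
SAMPLE = """\
From: "LinkedIn" <member@linkedin.com>
Subject: Invitation to connect on LinkedIn
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="http://connect.example/accept?id=1">Accept</a>
<a href="http://linkedin.com.profile.example/view">View profile</a>
<a href="https://www.linkedin.com/help">Help</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_is_trusted(url, trusted=TRUSTED):
    # Compare the parsed hostname by exact match or dot-bounded suffix,
    # never by substring: "linkedin.com.profile.example" must not pass.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def suspicious_links(raw_message):
    """Return (visible text, href) for links that leave the trusted domain."""
    msg = message_from_string(raw_message, policy=default)
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body is not None else "")
    return [(t, h) for h, t in parser.links if not host_is_trusted(h)]
```

Calling `suspicious_links(SAMPLE)` returns the "Accept" and "View profile" links and leaves the genuine help link alone, even though the From header claims a linkedin.com sender.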