Friday, January 6, 2012

Fake LinkedIn Emails Link to Blackhole Exploit Sites Serving Malware

LinkedIn LogoDo you have a LinkedIn account?

You may want to think twice about clicking links within any emails that claim you’ve received a new message on the social networking site geared towards professionals.

Cybercriminals have been busy pumping out spam emails that pose as legitimate LinkedIn notices, enticing you to click on a link in order to read what message some random stranger has left for you.

In reality, the links will send you directly to a site housing a blackhole exploit kit that will attempt to take advantage of any system vulnerabilities in order to infect your PC with malware. This sneaky form of attack – also known as a “drive-by-download” –   is especially dangerous due to the potential of the attack being executed without detection unless your PC and antivirus software is up-to-date.

Although the spammers did a good job crafting the bogus LinkedIn notices – LinkedIn logo at the top left, familiar blue coloring, no obvious spelling mistakes, disguised links and even a spoofed sender’s address – it’s pretty easy to spot the fake emails when you see them.

How can you tell the real from the fake? That’s easy.

The REAL emails include the subject and body of the message that was sent to you on LinkedIn. The FAKE emails only have a date and invitation to click on a link in order to read the message.

Here’s a comparison of the real email vs. the fake. Note that the crook has disguised the malicious URL to make it appear as if points to the LinkedIn website:







FAKE LinkedIn MessageREAL LinkedIn Email

Always be sure to hover over links to check the real destination URL and feel free to investigate any suspicious looking URLs before actually clicking on them.

Have you received any questionable emails claiming to be from LinkedIn or LinkedIn users? Share your experience below!

Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

No comments:

Post a Comment