Phishing attackers are always looking for a new angle, and the latest attacks making the rounds look to fool victims using LinkedIn Reminders as their angle. Unlike so many other phishing attacks that are seen every day, these actually look pretty good – in fact, almost better than the real ones!

If you are a LinkedIn user, you probably get an occasional invite asking you to connect with someone. Maybe it’s a coworker, a vendor or a customer, or maybe it’s someone you’ve never even heard of before – that happens quite frequently in fact. While you’d respond immediately to the requests from people you know, you’d probably let the ones you don’t recognize sit for a while, and plan to get around to them when you have some free time.

Fast forward a couple of days and LinkedIn will send you a reminder email that you have an invite pending. Again, that’s no big deal and most of have probably seen these before. It’s the run of the mill nature of these reminders that is being exploited in this new phishing campaign.

The attacker(s) are sending fake LinkedIn reminder messages that, at first glance, look more authentic than the real thing. The first one I got almost fooled me! Fortunately I am just in the habit of looking at URLs when I mouse over links and that is what saved me. Each one of the links goes to some site in China hosting malware or a fake login page. Here’s what the fake message looks like:

And here’s what the real one looks like:

There are three things to focus on:

  1. The From address does not match typical LinkedIn emails, which use a no-reply address in their domain.
  2. In the fine print, it looks like the attacker’s script had an error, as it says “This message was sent to .” Notice, there is nothing after the “to” but a period.
  3. If you mouse over the links, none of them go to LinkedIn pages. All go to some site in China.

Of course, the above are just screenshots and not the real messages. We don’t want someone to accidentally click a link in the fake message. I also changed the From name to protect the innocent.

Email admins need to be aware of these attacks, key in on the wording that can be used to update filters, and also to raise awareness amongst their coworkers. I expect that more people use their personal email for LinkedIn than their business address, and awareness is going to be the best line of defense against these sorts of attacks. Help your uses protect themselves by sharing this article, or sending your own “heads up” so they know about this before they become a victim.


Like our posts? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first to get them!


Get your free 30-day GFI LanGuard trial

Get immediate results. Identify where you’re vulnerable with your first scan on your first day of a 30-day trial. Take the necessary steps to fix all issues.