Why Scammers Target LinkedIn Users – and How to Stop Them

Security tips for the four most common types of LinkedIn scams: Internet Scambusters #436

LinkedIn, the social networking site that connects business
people, professionals and academics, is potentially a prime
target for scammers.

Users may be relatively well-off but there’s no reason to
believe they’re any more scam-savvy than anyone else!

So, in this week’s issue, we highlight the four most common
types of LinkedIn scams, offer our own security tips, and show
you the way to get more help from the service itself.



Although it’s small fry by Facebook and Twitter standards, the
social media marketing and networking site LinkedIn is still a
big fish for scammers and spammers — because most of its
members are professionals, businesspeople and academics.

That usually means they’re relatively prosperous and on the
lookout for opportunities, both mouthwatering attractions for
crooks.

As one technology consultant at security vendor Sophos
recently pointed out: “By using this mechanism, the criminals
know they’re talking to people who aren’t 13-year-olds, but
people with money in their pockets.”

LinkedIn, which has an estimated 60 million members worldwide,
has taken strenuous action both to halt the scammers and to
enable members to select privacy levels that offer a high
degree of protection.

Even so, as any savvy Internet user knows, you can’t keep the
scammers out, especially when they pose as legitimate members
wanting to link up with people who supposedly share their
interests.

With that in mind, here are the four main types of scams you
might encounter on the social network site, together with
tips, including guidance from LinkedIn themselves, on how to
avoid getting caught.

Data Theft Malware

Towards the end of 2010, crooks aimed a new data theft program
at LinkedIn users by sending a spoof email requesting
recipients to accept a new contact or notifying them of new
messages on their accounts.

According to network specialists Cisco, anyone who clicked on
the link in the email got a brief message saying, “Please
waiting… 4 seconds” before being taken to their browser home
page.

That action may merely have puzzled the users, but during
those four seconds a malware program known as ZeuS installed
itself on their PCs, embedded itself in their browsers, and
stole confidential information — including details of bank
accounts and passwords.

Since many users would have received this spammed message at
work, Cisco said the malware was probably also aimed at
stealing commercial banking information, making it potentially
extremely dangerous.

Action: As with any other type of spam, or even email messages
that seem legitimate, you can avoid this malware infection by
not clicking on links. Instead, go to linkedin.com via your
web browser’s address bar and check contact and message
details there.

LinkedIn and Plaxo Spam

The ZeuS attack was just one example of the heavy spamming
that targets professionals at the likes of LinkedIn and
another popular social network site, Plaxo.

Some of these spam messages link to malware sites, but the
majority peddle phony pharmaceuticals, where the biggest risk
is that you’ll get nothing for your money, while you’ve handed
over your credit card details to an identity thief.

Again, these messages are often disguised as contact requests
but either contain a link to the scammers’ website or
blatantly contain an ad in the body of the message itself.

It’s important to point out that such spam messages may not
originate or travel within the LinkedIn system. They can be
sent out at random to anyone and everyone with the knowledge
that some recipients are bound to be LinkedIn members.

Action: As above — don’t click on those links! And never
respond to spam messages.

Bogus Jobs and Advance Fee Scams

Once scammers and spammers are inside the system — and it’s
relatively easy for anyone to join up — they can send
targeted messages (see also the next item) or post bogus jobs
intended to harvest personal info for identity theft.

LinkedIn is pretty fast at clamping down on these abuses,
which, in the past, have included ads for bogus mystery
shoppers and Nigerian 419 and advance fee scams, but it’s
smart to be aware of them.

Need to know more about these particular scams? See these
earlier Scambusters reports:

  • The Nigerian Advance Fee Scheme

  • How to Spot Bogus Documents and Fake Check Scams

  • Mystery Shoppers Scams: 7 Ways Crooks Try To Fool You

LinkedIn as a Source for Spear Phishing

As we wrote in an earlier report, “Whaling? These Scammers
Target Big Phish,” spear phishing is a specialized form of
information theft that targets specific individuals,
especially senior business people (referred to as “whaling”).

Since many of them use LinkedIn, what better source of
information for names and job titles?

For instance, anyone registered on LinkedIn can search the
site by company name, and it returns a list of employees from
that company who are members.

In one case we tried, using the name of a well-known
technology company, we learned the firm had many thousands of
global employees using the site. The site then listed the
first 100, with their locations and job titles. Paying
subscribers can view more — up to 700 at a time.

You can also send a message directly to any one of them, if
you have a paid subscription, though LinkedIn won’t give you
their email address.

Action: Hiding your personal details is an option on LinkedIn
but that seems to defeat the aim of the site, which, after
all, is to network, though you may consider using just the
initial of your last name or even just your job title.

Just be aware that your information is there for all to see
and follow our guidance about not clicking links.

And if you’ve posted your photo, ask yourself this question:
Why did you do that? It’s just one more theft-worthy piece of
data. It’s not likely to enhance your employability or
contactability, is it?

More Tips on Avoiding LinkedIn Scams

  • Post as little information about yourself as you need to
    achieve your aims in being a member.

  • Be wary about unsolicited contact requests from people you
    don’t know. Go to LinkedIn.com and search on their name. Check
    them carefully, along with the names of others they’re linked
    to. If in doubt, don’t link.

  • Never pay for job applications or provide confidential
    information about yourself to a prospective employer until
    you’ve thoroughly checked them out.

  • Use LinkedIn’s privacy controls. With these you can turn off
    your activity broadcasts, decide who can see your activity,
    control what information others see about you and select who
    can view your connections.

    To do this, on your “Home” page, click your name at the top
    right of the screen and select “Settings.” Privacy controls
    are listed towards the bottom of the page.

  • Check out LinkedIn’s own “Top 10” security tips, “Account
    Security and Privacy Best Practices.”

If you suspect a scam on the site, report it to
abuse AT linkedin.com and if you have other security concerns,
you can contact the site’s customer service department.

As everyone knows by now, social networks have become prime
targets for scams of all types, but especially for identity
theft and spam.

The guidance we’ve provided here, though aimed at LinkedIn
users, applies to most of the others too. Use it and protect
yourself.

Time to close — we’re off to take a walk. See you next week.