LinkedIn Phishing Scam: Motives Unclear, but Still a Threat
Adrien Gendre
—February 28, 2017
—2 min read
We seem to write about a new phishing or spear phishing scam every day. This latest LinkedIn phishing scam has all of the classic signs of phishing. It comes from a suspicious sender, has bad grammar, and even uses an urgent call to action to scare victims into clicking the link.
A link that appears to go to a blank page hosted by Linkedin. The motives for this attack remain unclear, and it could signal a larger threat in the future.
LinkedIn phishing: this scam has all the signs of a standard phishing attack…
Suspicious Sender
The latest LinkedIn phishing scam entices victims with an urgent subject line stating, “Important User Alert”. Although this subject line seems legitimate, anyone with phishing training who is paying attention would notice that it comes from a suspicious email address, “linkedin.customerservice.us1@fsr.net”. Even if, “linkedin.customerservice.us1,” is convincing enough for users to open the email, the “fsr.net” should be a red flag that something is not right.
Generalized Introductions
The email begins with, “Dear valid LinkedIn user,” which doesn’t seem that strange. However, LinkedIn knows it’s users’ names and has the tools to address their users by name in any email they send. These types of generalized introductions are often utilized in “spray and pray” phishing attacks because hackers can send one email to thousands in the hopes that someone will fall for the attack.
Urgent Action and Terrible Grammar
The content of the email threatens that users could lose privileges and access to their LinkedIn accounts unless they click on an enclosed link. One portion of the email reads:
The email continues in the same fashion with rampant grammatical errors and strange capitalization, another indication that the email isn’t really from LinkedIn. LinkedIn is a well-established brand owned by Microsoft; they hire better copywriters than that.
…but the link doesn’t lead anywhere.
The strangest thing about this particular phishing scam is that the link leads to a blank LinkedIn page. This could be for a number of reasons, including:
- The fraudulent login page could be unfinished
- The hackers could have sent out an incorrect
- A page might originally have been malicious but was shut down by LinkedIn.
- The hackers are simply testing out their technique to see if they can set themselves up for a larger malicious campaign.
It’s this last item that should be most concerning to system admins and security professionals. This phishing attack, despite its apparent clumsiness, easily sailed past the vast majority of email security filters. Had this been a real attack, it could have leveraged a myriad of social and technical vulnerabilities to do great damage. Maybe next time they will.
Although this attack is seemingly harmless, it is important to understand what kind of data breaches could have taken place.
Protect Against Phishing with Vade
Vade Email Security Suite detected this LinkedIn phishing attack early on and prevented the email from entering our users’ inboxes.
Vade can protect your organization from spear phishing and zero-day attacks with our artificial intelligence engine.
In addition to these kinds of phishing attacks, Vade can also protect your organization from spear phishing and zero-day attacks. Our artificial intelligence engine analyzes billions of emails every day for subtle technical and behavioral factors that signal cyber-attacks. Our algorithms are constantly improving thanks to this avalanche of data. This machine learning is supplemented by our 24/7 email security team that constantly tracks new variations of malware and phishing scams.
Vade can be used as an additional layer of security on top of your existing solution or as a stand-alone email management solution.
Ready to protect your organization from phishing, spear phishing, and zero-day attacks? Contact us today to find out more about our solution.