Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Phony LinkedIn invitations lead to malware

When recipients click on the link, they are directed to a “notification” page that runs scripts looking for software vulnerabilities
When recipients click on the link, they are directed to a “notification” page that runs scripts looking for software vulnerabilities

The invitations and message notification look legitimate, but if the recipient clicks on the link, he or she is directed to a “notification” page that runs scripts looking for software vulnerabilities in Adobe Reader and Acrobat, as well as Microsoft Windows Help and Support Center in Windows XP, Avi Turiel, director of product marketing at Commtouch, explained in a blog.

“Of course the malware is hugely problematic – but another issue emerges from all of these phony LinkedIn invitations – they cause malware-aware users to be suspicious about genuine invitations!”, wrote Turiel.

Earlier this year, GFI Labs uncovered a LinkedIn email phishing scam that led victims to websites offering fake prescription drugs and male enhancement products. Like the Commtouch discovery, the fake drug scam involved bogus invitation reminders.

“While like most phishing emails, hovering your cursor over the URL will reveal that the link is fake, there are still people who see the LinkedIn branding and click, thinking it’s legit. What’s more unbelievable is that some of those people will actually stay on the site and buy something. As long as these tactics work, spammers and phishers will keep using them”, wrote GFI researcher Sue Walsh.