Faked LinkedIn email targets bank account details
LinkedIn’s local office has acknowledged a sudden upsurge in email-borne attempts to dupe its users out of bank account log-ons and other details.
The business networking site has 75 million members worldwide – 250,000 of whom are in New Zealand.
Networking company Cisco has circulated a security warning about the attack, saying:
Victims are emailed an alert link with a fictitious social media contact request … Clicking the link, victims are taken to a web page that says "PLEASE WAITING.... 4 SECONDS" and redirects them to Google.
During those four seconds, the victim's PC is infected with the ZeuS data theft malware by a drive-by download. ZeuS embeds itself in the victim's web browser and captures personal information, such as online banking credentials, and is widely used by criminals to pilfer commercial bank accounts.
Watch that address ... and be wary of people you don't know
Your correspondent has had the bogus email (pictured above) land in his inbox multiple times; Twitter chatter suggests he's far from alone. Cisco said that, at one point in the early stages of the attack, the LinkedIn attack accounted for one in every spam messages sent.
Yesterday, a rep for LinkedIn’s Australia-New Zealand office confirmed the problem, telling NBR the company was “reaching back” to several customers who had contacted it about the issue.
The fake emails have realistic formatting, but are not sent to a member’s actual address, so check the details on your inbox address bar before you open any LinkedIn email.
The company also advises members to never click on a request to link from a person they have never heard of.
Yeah, I'm dumb
Stupidly, your correspondent did click on a link in one of the fake LinkedIn emails (despite Google Apps correctly consigning it to a Spam folder).
Luckily his antivirus software seems to have thwarted any attack, as his bank balance is no lower than usual.
NBR is in good company. PCWorld.com contributor Daniel Tynan confesses he also clicked on one of the fraudulent messages.