
Rise in mass phishing scams targeting LinkedIn users after data leak

If you use the employment-themed social media site LinkedIn, you should be on the lookout for a surge of phishing scams targeting you.

Last week, a large amount of personal user data was being sold via underground hacker forums. And by large amount, we’re talking around half a billion people. So a lot.

And after analysis, it appears much of that data was leaked from the LinkedIn platform. How crooks managed to get their hands on this data is not definitively known, but it appears as if it was through a large data-scraping operation, as opposed to a data breach.

That means cyber crooks didn’t “hack” into LinkedIn’s servers to retrieve data on its users. Rather, they employed automated “scraping” software to search for, retrieve and store any public-facing information that users had on their profiles. Basically, data scraping exploits the unfortunate fact that many of us just share a little too much (or far too much) about ourselves online.

And now, according to the Bitdefender Antispam Lab, that data is being used to launch a number of different phishing scams against LinkedIn users. And as we’ve warned many times on this site, a phishing scam that includes personal data of the intended victim is far more convincing than the usual mass-emailed generic phishing scams we encounter all of the time.

According to Bitdefender, one such phishing email poses as a LinkedIn friend invite from “Kate”, a Sales Manager. Clicking the attached HTML file loads a spoof LinkedIn webpage that steals the user’s login credentials when entered.

LinkedIn users may also see a significant rise in spam emails as their data is auctioned off to marketing companies.

The scraped data can include a user’s full name, email address, phone number, gender, professional titles, job-related information, employment-related information and social media profiles.

That’s plenty of information for crooks to work with when trying to craft some convincing phishing scams.

So be on the lookout and be wary of any unexpected emails landing in your inbox, especially if they’re asking you to open attachments (don’t) or click on links (don’t – and if you do, always check the web address at the top of the browser). More information on avoiding phishing scams can be seen here.

Also, it might be a good time to check up on what you’re sharing on social media platforms. We concentrate so frequently on our Facebook privacy settings that other platforms (like LinkedIn) often slip through the gaps!

Published by
Craig Haley