LinkedIn

Update 03-16-2016
As the world's largest professional networking group, is it a surprise that LinkedIn's name would be used by the Bad Guys as a rich target to go after?

Example 1:  A message with a link
                   Note: [e-mail 1] is your full e-mail address without the @domain.com
                            [e-mail 2] is your full e-mail address
                            [e-mail 3] is your e-mail address without domain but with capitals
                                            and special characters changed to space
       ----------
       Linked InNotify <likely bogus e-mail address> -or-
        Support <likely bogus e-mail address>
        New private mail only for [e-mail 3]   (may simply show "You have a new message")

        To: [e-mail 2]

        ______________________________________________________________________________________________

        LinkedIn    (size of the letters may vary including the space below the letters)

        To: [e-mail 3]
        From: Support (only seen if e-mail indicates being from support otherwise not included)
        Date: <actual date sent>
        Subject: New mail

        http://coopera.com/wp-content/<rest hidden>?to=[e-mail 1]&message=baf2d92 -or- 
        http://avtozvuk60.ru/<rest hidden>?to=[e-mail 1]&message=718e25
        [View/reply to this message]

        This e-mail was intended for [e-mail 1].  Learn why we included this.  (C) 2016, LinkedIn Corporation.
        2029 Stierfin Ct, Mountain View, CA 94043, USA
      
      ----------  

       WHAT'S GOING ON HERE:
  1. The Bad Guys are betting you won't try to reply to this e-mail address.  Do not be surprised if your reply e-mail cannot be delivered.  E-mail addresses are often different, including country of origin.
  2. Notice the heading which starts "Linked InNotify".  When would LinkedIn start
    spelling their valued name incorrectly?  Apparently done by a "non-employee".
  3. Notice the "New private mail only for" and "To:" lines, where the e-mail address lacks the domain name and has all special characters removed and replaced with a space.
    Why?  There is no need except to make you think this was personalized for you.
    Visit TheCTGroups.org/info/TheBadGuys/domains to "decode" the letters after the last period in the web link to see country of origin or type of user.
  4. Notice the first link (underlined, colored light blue).  Why does LinkedIn not use a message stored on LinkedIn's servers for security?  Why would the domain name of the e-mail address again be removed?
  5. Why do they need to prompt us to [View/reply to this message]? 
  6. Why do they need to state for whom this e-mail is intended?
  7. Would you be surprised to learn the link behind "Learn why we included this." is the same link they show above?
  8. The copyright notice is a cheap "mind game" trick copied from LinkedIn's corporate web page to project an image of legitimacy.   They were too lazy to copy the LinkedIn logo and attach it.  Every company will display their corporate logo!

    SURE FIRE WAY TO VALIDATE THIS MESSAGE?
    1)  Is this the e-mail you used for LinkedIn?  If not, it's bogus ... DELETE IT!
    2)  If it is (and this one was NOT), go into LinkedIn and locate the message there.
         If one is not there, it's bogus ... DELETE IT!

    Would setting your firewall/anti-virus to reject e-mail from the sending address help?  NO, as the e-mail address is most likely bogus.  Setting it to block the
    sender's domain may block legitimate e-mails, causing you pain, not them.
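
    The tell-tale signs in items 2, 3 and 4 above can also be checked by a script.  The Python below is an added example, not part of the original page and not anything LinkedIn provides.  The sample message, its name, addresses and hosts are constructed placeholders, and the list of trusted hosts is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit, parse_qs

TRUSTED = ("linkedin.com",)  # assumption: hosts the reader accepts as LinkedIn's

# Constructed sample modelled on Example 1; names, addresses and hosts are placeholders.
SAMPLE = """\
From: Linked InNotify <notify@mailer.example>
To: jane.doe_99@example.org
Subject: New private mail only for Jane Doe 99

LinkedIn
To: Jane Doe 99

http://blog.example.net/wp-content/x.php?to=jane.doe_99&message=abc123
This e-mail was intended for jane.doe_99. (C) 2016, LinkedIn Corporation.
"""

def trusted(host):
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_message(raw):
    msg = message_from_string(raw)
    display, _ = parseaddr(msg.get("From", ""))
    local = parseaddr(msg.get("To", ""))[1].split("@")[0].lower()
    body = msg.get_payload()
    findings = []
    # Item 2: the brand appears in the sender name but not spelled the brand's way.
    if "linkedin" in display.replace(" ", "").lower() and "LinkedIn" not in display:
        findings.append("display-name-misspelled")
    # Item 3: local part of the address re-rendered with punctuation as spaces.
    spaced = re.sub(r"[^a-z0-9]+", " ", local).strip()
    if spaced != local and spaced in body.lower():
        findings.append("fake-personalization")
    for url in re.findall(r"https?://[^\s<>\"]+", body):
        parts = urlsplit(url)
        # Item 4: the link does not point at LinkedIn's own servers.
        if not trusted(parts.hostname):
            findings.append("link-host-untrusted:" + (parts.hostname or ""))
        # Item 4: the address minus its domain travels in the "to" parameter.
        if local in (v.lower() for v in parse_qs(parts.query).get("to", [])):
            findings.append("recipient-in-query")
    return findings

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```

    A message that raises none of these flags is not proven genuine; the "sure fire" check above (look for the message inside LinkedIn itself) still applies.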