Update 03-16-2016
As the world's largest professional networking group, is it a surprise that LinkedIn's name would be used by the Bad Guys as a rich target to go after?
Example 1: A message with a link
Note: [e-mail 1] is your full e-mail address without the @domain.com
[e-mail 2] is your full e-mail address
[e-mail 3] is your e-mail address without domain but with capitals
and special characters changed to space
Linked InNotify <likely bogus e-mail address> -or-
Support <likely bogus e-mail address>
New private mail only for [e-mail 3] (may simply show "You have a new message")
To: [e-mail 2]
LinkedIn (size of the letters may vary including the space below the letters)
To: [e-mail 3]
From: Support (only seen if e-mail indicates being from support otherwise not included)
Date: <actual date sent>
Subject: New mail
http://coopera.com/wp-content/<rest hidden>?to=[e-mail 1]&message=baf2d92 -or-
http://avtozvuk60.ru/<rest hidden>?to=[e-mail 1]&message=718e25
[View/reply to this message]
This e-mail was intended for [e-mail 1]. Learn why we included this. (C) 2016, LinkedIn Corporation.
2029 Stierfin Ct, Mountain View, CA 94043, USA
WHAT'S GOING ON HERE:
- The Bad Guys are betting you won't try to reply to this e-mail address. Do not be surprised if your reply e-mail cannot be delivered. E-mail addresses are often different, including country of origin.
- Notice the heading, which starts "Linked InNotify". When would LinkedIn start
spelling their valued name incorrectly? Apparently done by a "non-employee".
- Notice the "New private mail only for" and "To:" lines, where the e-mail address lacks the domain name and has all special characters removed and replaced with a space.
Why? There is no need except to make you think this was personalized for you.
Visit TheCTGroups.org/info/TheBadGuys/domains to "decode" the letters after the last period in the web link to see country of origin or type of user.
- Notice the first link (underlined, colored light blue). Why does LinkedIn not use a message stored on LinkedIn's servers for security? Why would the domain name of the e-mail address again be removed?
- Why do they need to prompt us to [View/reply to this message]?
- Why do they need to state for whom this e-mail is intended?
- Would you be surprised to learn the link behind "Learn why we included this." is the same link they show above?
- The copyright notice is a cheap "mind game" trick copied from LinkedIn's corporate web page to project an image of legitimacy. They were too lazy to copy the LinkedIn logo and attach it. Every company will display their corporate logo!
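The indicators listed above can also be checked mechanically. The following Python sketch is an added example, not part of the original notice; the sample message, its addresses and its link are constructed placeholders, and treating linkedin.com as the only genuine domain is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit, parse_qs

BRAND_DOMAIN = "linkedin.com"  # assumption: the only domain treated as genuine

# Constructed sample modelled on Example 1; addresses and URL are placeholders.
SAMPLE = """\
From: Linked InNotify <notify@mailer.example>
To: jane.doe@corp.example
Subject: New mail

New private mail only for Jane Doe
http://site.example/wp-content/view.php?to=jane.doe&message=abc123
[View/reply to this message]
"""

def on_brand(host):
    # Exact domain or a true subdomain; "linkedin.com.site.example" does not pass.
    host = (host or "").lower()
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def phishing_indicators(raw):
    msg = message_from_string(raw)
    display, sender = parseaddr(msg.get("From", ""))
    _, recipient = parseaddr(msg.get("To", ""))
    local = recipient.partition("@")[0].lower()  # [e-mail 1] in the notes above
    found = []
    # Brand name only appears once spaces are removed, e.g. "Linked InNotify".
    squashed = re.sub(r"\s+", "", display).lower()
    if "linkedin" in squashed and "linkedin" not in display.lower():
        found.append("misspelled-brand-display-name")
    # From is forgeable: a match proves nothing, a mismatch is still a signal.
    if not on_brand(sender.rpartition("@")[2]):
        found.append("sender-domain-not-linkedin")
    for url in re.findall(r"https?://[^\s<>\"]+", msg.get_payload()):
        parts = urlsplit(url)
        if not on_brand(parts.hostname):
            found.append("link-host-not-linkedin")
        # The link carries the recipient's address without its domain (to=...).
        values = [v.lower() for vs in parse_qs(parts.query).values() for v in vs]
        if local and local in values:
            found.append("recipient-local-part-in-link")
    return sorted(set(found))

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

An empty result does not make a message genuine; the two validation steps below remain the deciding check.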
SURE FIRE WAY TO VALIDATE THIS MESSAGE?
1) Is this the e-mail you used for LinkedIn? If not, it's bogus ... DELETE IT!
2) If it is (and this one was NOT), go into LinkedIn and locate the message there.
If one is not there, it's bogus ... DELETE IT!
Would setting your firewall/anti-virus to reject e-mail from the sending address help? NO, as the e-mail address is most likely bogus. Setting it to block the
sender's domain may block legitimate e-mails, causing you pain, not them.