Scammers have targeted business-oriented LinkedIn users with a malicious invitation email meant to steal their sensitive authentication details, according to Bitdefender Anti-Spam Labs.
The email, which claims to be from the popular business social network LinkedIn, replicates the original invitation email, but the extra letters and the sender’s name ruin the disguise of an otherwise valid-looking letter.
The message is signed by the alleged manager of a coal and mineral Ukrainian manufacturer by the name of “Sally Emily.”
Clicking Accept or View Profile takes users to a fake login page, supposedly verified by a certified antivirus provider. Once users hand over their LinkedIn username and password, they are redirected to the authentic LinkedIn login page.
Scammers grab users’ domains from their email address and can impersonate them to launch ongoing spam campaigns targeting their LinkedIn connections, collect more personal data or damage their online reputation.
The emails seem to come from servers in Chile, while the servers hosting the phishing website are from Luxembourg.
Bitdefender advises users to be cautious and use an anti-malware solution with anti-spam capabilities and a malware filter to scan links. Also, check the validity of the sender’s email address and look out for spelling and grammar mistakes. And never open unrequested attachments or links in unsolicited emails, even if they seem to come from reputable brands and companies.
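The sender and link checks advised above can be automated for a message that claims to be a LinkedIn invitation. The following Python sketch is an added example, not Bitdefender's code; the sample message and its example.net hosts are constructed placeholders, and it assumes genuine mail and links use linkedin.com or a subdomain of it.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAIN = "linkedin.com"  # assumption: domain the claimed brand really uses

# Constructed sample message; hosts are reserved placeholders, not from the article.
SAMPLE = """\
From: LinkedIn <invitations@mail.example.net>
Subject: Invitation to connect on LinkedIn
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="http://login.example.net/linkedin/">Accept</a>
<a href="http://login.example.net/linkedin/">View Profile</a>
<a href="https://www.linkedin.com/help">Help</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        # Record the target of every anchor, whatever its visible label says.
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def on_brand(host, brand=BRAND_DOMAIN):
    """True only for the brand domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == brand or host.endswith("." + brand)

def check_message(raw, brand=BRAND_DOMAIN):
    """Return (kind, host) findings for a message that claims to be from `brand`."""
    msg = message_from_string(raw)
    findings = []
    # The display name ("LinkedIn") is free text; only the address domain counts.
    _, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    if not on_brand(sender_host, brand):
        findings.append(("sender", sender_host))
    collector = LinkCollector()
    collector.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    for url in collector.links:
        host = urlsplit(url).hostname
        if not on_brand(host, brand):
            findings.append(("link", host))
    return findings
```

A From header can be forged, so a clean sender result does not prove the message is genuine; the link findings are the stronger signal for this kind of lure.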
This article is based on spam samples and technical information provided courtesy of Ionut-Daniel RAILEANU, Bitdefender Spam Researcher.