Slashdot Mirror

← Back to Stories (view on slashdot.org)

Attack Targets LinkedIn Users With Fake Contact Requests

Posted by Soulskill on from the hello-sir-madam dept.

wiredmikey writes "On Monday morning, cybercriminals began sending massive volumes of spam email messages targeting LinkedIn users. Starting at approximately 10am GMT, users of the popular business-focused social networking site began receiving emails with a fake contact request containing a malicious link. According to Cisco Security Intelligence, these messages accounted for as much as 24% of all spam sent within a 15-minute interval today. If users click, they are taken to a web page that says 'PLEASE WAITING.... 4 SECONDS..' and then redirected to Google, appearing as if nothing has happened. During those four seconds, the site attempted to infect the victim's PC with the ZeuS Malware via a 'drive-by download' – something that requires little or no user interaction to infect a system."

5 of 122 comments (clear)

  1. Linkedin are just spammers anyway. by schon · · Score: 4, Informative

    Linkedin are just a bunch of spammers anyway.

    I got an email from them, claiming that someone I knew wanted me to join. It was a spammer - the "custom message" that was included was a single link to a spam site in China.

    The email had a "if this is spam..." report button, so I used it, and noted to linkedin that I didn't know the person, and it was *obviously* spam (the link was to a spam site.) Their automated system thanked me for reporting the abuse, and I thought that was the end of it.

    Two weeks later, I receive a "helpful reminder" from Linkedin, telling me that I hadn't confirmed or rejected the invitation. Not only had they not taken any action, they helpfully included the spam link, and seemed blissfully unaware that I had reported this spammer's account two weeks prior.

    Linkedin are just a bunch of scummy spammers. I blocked all email from their domain since.

    1. Re:Linkedin are just spammers anyway. by BitZtream · · Score: 5, Informative

      I blocked all email from their domain since.

      You do realize this current round isn't actually coming from LinkedIn right? Nor does it actually link back to their website?

      Ban their domains 18 ways to sunday, you'll still get the messages.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  2. Started before monday, today is the netflix spam by BitZtream · · Score: 3, Informative

    LinkedIn spamming started before today, I know as we've got several from last week.

    Today we started getting the netflix emails about 'lost in mail' disks for movies that haven't been requested and/or to users without netflix accounts.

    Way to notice whats going on guys.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  3. Re:NoScript FTW by bhcompy · · Score: 4, Informative

    Slashdot uses doubleclick.net, NoScript blocks that inherently. Thus, no one is tracking my habits without having to modify anything and I don't have to worry about completely disabling cookies so I don't need to re-login to every website I peruse.

    And that doesn't mention the XSS protection

  4. Re:NoScript FTW by pixelpusher220 · · Score: 3, Informative

    lets see the rankings:

    1. noob
    2. user
    3. 'expert' who *knows* they won't get busted
    4. actual expert who knows that any precaution is not fool proof and it's best not to proclaim how much better they are than others.

    See the bold mirror moron

    --
    People in cars cause accidents....accidents in cars cause people :-D