Scam Of The Week: Massive LinkedIn Spam Steals Passwords

"I feel like a complete idiot. I just got taken by a LinkedIn spam that may have just stolen my banking password."

LinkedIn.jpgThese words dropped in my inbox, written a while ago by Dan Tynan, columnist for PCWorld but I only saw them this morning. He continued with: "This is not the first time I've been an idiot or clicked on something I shouldn't. But this one could be really bad for me. Today, spammers using fake Linked-In invitationsattacked the Net in a massive way. How massive? According to Cisco Security, at one point today nearly 1 in 4 spam messages was a Fake LinkedIn invite. 

Linked-In spam is nothing new -- I wrote about it just last month-- but this attack was particularly nasty, because it can embed password-stealing malware into your browser without you realizing it.

My story: I saw several LinkedIn invites in my Gmail spam folder, and stupidly opened one of them inside Google Chrome. I even saw that the links inside the email were not to LinkedIn but to some oddly named third-party site. But curious about what would happen (and stupidly confident that my Kaspersky anti-malware software would protect me), I clicked it. My browser started to launch a new site, then quickly redirected to my home page.

Weird, I thought. I tried it again. Same thing happened. I figured that whatever site it was driving me toward had already been taken down by one of the anti-malware orgs like, and thought nothing more about it. An hour after that I received the following email from Cisco Security:

Starting this morning, at 10am GMT, cyber criminals sent spam email messages targeting the LinkedIn social media community.

Victims are emailed an alert link with a fictitious social media contact request. These messages accounted for as much as 24% of all spam sent within a 15-minute interval. Clicking the link, victims are taken to a web page that says "PLEASE WAITING.... 4 SECONDS" and redirects them to Google. During those four seconds, the victim's PC is infected with the ZeuS data theft malware by a drive-by download. ZeuS embeds itself in the victim's web browser and captures personal information, such as online banking credentials, and is widely used by criminals to pilfer commercial bank accounts.

Organizations should encourage individuals to delete such requests, especially if they do not know the name of the contact. This is the second spam attack this month, preceded by the "Here You Have" email worm a few weeks ago. Cisco expects to see more spam messages containing malware sent to organizations to collect personal information.


OK, I've done stupid things before, with and without computers. I have had many malware infestations, including one variant of the Cool Web Search spyware app that required three months of trying different anti-spyware tools before I could nuke it (Webroot's Spy Sweeper did the job then). But as far as I know I've never compromised my bank account information -- until now. 

I've been scanning my system using Kaspersky, and so far it hasn't detected anything out of the ordinary (which doesn't mean ZeuS isn't still lurking -- no anti-malware software is 100 percent reliable). I've already logged on from Firefox and changed my banking info -- but the folks at Cisco Security tell me that ZeuS might still be able to compromise my account.

Bottom line here: Don't do what I did. Delete any LinkedIn spam that looks even the slightest bit suspicious. Needless to say I won't be sleeping very well tonight. May you rest a bit easier."

Great story. It was true when he wrote it and will hold true for the years to come. 

Topics: Scam Of The Week

Subscribe To Our Blog

Get the latest about social engineering

Subscribe to CyberheistNews