Lately I’ve been receiving, what appears to be, a lot more phishing emails than I used to. Some are quite good, while others are obvious fakes. Either way, spoofing trusted brands to get emails read and acted upon appears to be the way to go—if you’re a career cyber-criminal.
Just the other day, this email supposedly from “LinkedIn” appeared in my inbox:
At first, the subject line startled me. I immediately thought, “What do you mean my LinkedIn account is locked!” Then I glanced at the email more closely. It’s an obvious fraud; but it did get my attention. Let’s look at it more closely.
Notice that the email address shown is from Linked!n (the scammer used a exclamation point [!] instead of an I—a sure sign of a scam. It is common for criminals to spoof named brands by using symbols or a combination of letters to fool people that aren’t looking closely (for example: rn [using a lower case r and n to look like the letter m]).
The subject line is good—short and to the point while eliciting high emotion. Social Engineers are masters at pressing emotional buttons to get immediate responses. The less the user thinks the better the scam works. If you see a subject line like this—stop, take a deep breadth and analyze. Don’t act impulsively.
The body of the email is poorly written and punctuated. This is not something that LinkedIn would ever put out as an official reply. Poorly written emails are usually a dead giveaway to a scam.
Let us look at the link that the scammer wants you to click. If you hover your mouse over the “GET STARTED” link (DO NOT CLICK!), most email clients will show you the destination URL. In this case, it is a short URL using the shortening service, Bitly.
The scammer obviously does not want you to know where the link is actually going since the plan is to drive you to an infected site where it will download malware to your machine. Suffice to say―never click on any links in a suspicious email and certainly not a shortened link used to hide the true destination.
I used a short URL expander to look at the link more closely. The real URL is:
According to McAfee’s SiteAdvisor, this website is identified as dangerous:
Here’s my advice:
- Fight the impulse to act when you receive an email with a provocative subject line and/or body text. Instead: look, analyze then delete it from your inbox.
- Because of ever-changing virus definitions and the fact that scammers can create infected websites very quickly, your anti-virus program in many cases won’t protect you. Never rely on anti-virus programs alone―vigilance is key to security.
Don’t be a victim.
XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions whose systems protect 300+ Petabytes of data with over 800 employees and 9 offices around the globe. Call (845) 362-9675 and let us introduce you to the ultimate defense against data loss—whatever the cause.