LinkedIn users targeted for spam attacks
Summary
Cybercriminals have targeted LinkedIn users in a concerted spam attack, according to Cisco security company IronPort.
Topics
Cybercriminals began a campaign Monday that targeted LinkedIn users in a concerted spam attack, Cisco senior security researcher Henry Stern told ZDNet UK on Tuesday. What differentiated the campaign from others was the scale of the attack and the fact that it targeted business users, he said.
"The combination of extremely high volume and the focus on business users suggests the attackers are interested in employees with access to online bank accounts," said Stern. "We've provided LinkedIn with the information they need to take action against the spammers."
At one point on Monday, over a quarter of the spam hitting Cisco nodes was due to this particular attack, Stern said, with billions of emails being sent. The emails were not targeted, but were designed for LinkedIn users to self-select, he added.
For more on this story, read Spammers try to dupe LinkedIn users in Zeus attack on ZDNet UK.
Just In
Over the last couple of months I've had the occasional spam posing as LinkedIn communication. Usually it appears to be headhunters. I'm normally a pretty placid guy, but I'd support the death penalty for spammers.
the article is wrong, linkedin users were NOT targeted, they were spoofed as the spammer, so you would click the link and be redirected to an infected website.
@bspurloc I agree that LinkedIn didn't have a leak of user info, so I see what you're saying, but they were targeting LinkedIn users in the sense that someone with no LinkedIn account is going to ignore the emails, whereas I might (in theory) not. I am targeted because it's me and my corporate bank accounts that they're after, those without LinkedIn accounts are collateral.
got two of them today....as usual I go to the site...not clicking the email links....guess what..no messages....
Thing is, I am not a member of LinkedIn. The email landed in my GMAIL spam box. I simply deleted it.
I do not use my corporate email account for LinkedIn, so it was pretty clear that the messages arriving via corporate email could not have originated from LinkedIn.
Why use a corporate account for LinkedIn, unless there's no concern for the boss snooping your LinkedIn alerts?
Why use a corporate account for LinkedIn, unless there's no concern for the boss snooping your LinkedIn alerts?
my spam filter has picked up close to 90 of them in the past few days. Occasionally one gets through, but I won't click on them.
The internet was the target of linkedin spoofed emails. Get your story right.
I occasionally see (what I consider to be) spam as posts to the groups discussions. Is this what this article is referring to?
@gscratchley
no these are emails that indicated they are from linked in community members.
no these are emails that indicated they are from linked in community members.
I started getting dozens of fake message updates. The first few said I had 2 messages and a name of someone at the top, I checked a few other emails with the same appearance but different names. The message looks like the one Linkedin sends when someone wants to add as a contact. Most were caught in the spam filter but a few made it to the suspect mail filter.
So much for the 'Senior Researcher's research... This is simply spam cloned in a standard Linked in format, I do have a Linked in account but none of them are coming to the email alias that I use for Linked in. These messages only come to my other email aliases.
Heck I got about 20 today and I dont even have a linkedin account, but from what i see they are not even a good spoof as the links provided show the accual site
Simply give some names and addresses, ammo is cheap and it prevents reoccurances of the offence.
I have received about 20 a day for the past week. I've never had a linkedin acct and never would so I would not ever be stupid enough to click these. (I always check the headers of suspicious emails anyway). All these are is a pain to have to delete and take up bandwidth. All are being sent to the same addresses as all my other spams - email addresses that years ago got posted unprotected on the web.
Well I do use the service, however I use the term "use" loosly. This type of event, regardless if it originates from spoofed addresses or if it is the target of this type of attack, is one of the primary reasons that I have only a cursory interest in networking sites, including LinkedIn. I think these bonehead spammers rely on the fact that you either have to be thouroughly throttled with a dumb stick, are working late into the night and are starting to fall asleep (compromising your normal thought patterns) or just don't know any better (aka ignorant) to fall for this kind of BS.
I almost want to applaud a spammer that actually puts a little effort into making a spoof actually appear real. At least I have a momentary bit of enjoyment figuring out if the e-mail is ligitimate or not. But when I see this canned spam spewing forth and there is barely an attempt to disguise it I just get enfuriated once again with these idiots that feel they need to clog up the internet with their trash.
I can only say that it is truly a shame that these spammers can't be caught and have all of their fingers amputated. I'm sure the internet would immediatly realize a performance improvement of unprecidented proportions.
I almost want to applaud a spammer that actually puts a little effort into making a spoof actually appear real. At least I have a momentary bit of enjoyment figuring out if the e-mail is ligitimate or not. But when I see this canned spam spewing forth and there is barely an attempt to disguise it I just get enfuriated once again with these idiots that feel they need to clog up the internet with their trash.
I can only say that it is truly a shame that these spammers can't be caught and have all of their fingers amputated. I'm sure the internet would immediatly realize a performance improvement of unprecidented proportions.
My account was suspended by LinkedIn as they later told me that my account was being used (somehow) to generate thousands of page views per day. I have no idea how this could have happened. Anyone have clarity?
Join the conversation!
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
Vendor Showcase
Facebook Activity
