It looks like website spoof/phishing attempts are on the rise again. I received 2 emails today claiming to be reminders from LinkedIn about some invitations to connect and join professional groups. These invitations looked fairly genuine, except that I didn’t remember receiving the original invitations.
Hopefully, your spam program will catch these emails and deal with them in the manner they deserve, but occasionally they can get through to your inbox. So beware!
How can I spot a fake LinkedIn invitation?
It’s easy to click links if you’re in a hurry and if they look like they are from a site that you are a member of, but there are usually a couple of tell-tale signs that should raise alarm bells…
- If you hover over the links in the email, genuine ones will point to linkedin.com (or a sub-domain of linkedin.com). If they point to another website, then the email is probably a fake;
- If you don’t remember receiving an invitation from the person in the first place, then it is likely that this one is a fake. Indeed, if you log in to your LinkedIn account (not via the email) and take a look at your invitations (in your Inbox), a genuine invitation should be listed there.
The very least that will happen is that you will deliver a little traffic and ad impressions to a website you will almost certainly have no interest in.
There might just be some tracking mechanism on the links so that if you click them the spoofer will know you are likely to be a member of LinkedIn AND you are vulnerable – so they will try it again with something more devious.
It is possible that the spoofer becomes a phisher and presents you with a website that looks incredibly similar to the real LinkedIn website. They will present you with what looks like a LinkedIn login screen, and when you enter your username and password… bam, they have your access details!
The moral of the story
Be careful. Be suspicious. Don’t believe everything that is sent to you.
I recently received an email from a client asking for advice. She had received an email from a domain registration company saying that her domain name was due for renewal very soon and that she needed to take swift action to avoid losing the domain. The only problem with this was that they were asking $75 per year for the registration AND it wasn’t even a domain she owned in the first place. Rather cunningly, they had chosen a domain name the same as her own, but with a different TLD (so she owned domainname.com, for example, and they suggested that she needed to renew domainname.fr). They had even gone to the trouble of ‘scraping’ her own website home page and setting it up to look just the same on the site they were asking her to renew. So, when she clicked the link to ‘her’ website it really did look just like her own website.
So the moral of this sub-story is to know what domain names you have registered AND know who your domains are registered with AND understand that domain names typically don’t cost $75 per year.