Don’t be fooled by fake LinkedIn invitations

It looks like website spoof/phishing attempts are on the rise again. These fake emails look fairly genuine and it's easy to accidentally click a link, but is it serious and what can the pitfalls be? How can I spot a fake LinkedIn invitation and how serious can it be?
6 Aug, 2012
Spoof LinkedIn invitation

It looks like website spoof/phishing attempts are on the rise again. I received 2 emails today claiming to be reminders from LinkedIn about some invitations to connect and join professional groups. These invitations looked fairly genuine, except that I didn’t remember receiving the original invitations.

Hopefully, your spam program will catch these emails and deal with them in the manner they deserve, but occasionally they can get through to your inbox. So beware!

How can I spot a fake LinkedIn invitation?

It’s easy to click links if you’re in a hurry and if they look like they are from a site that you are a member of, but there are usually a couple of tell-tale signs that should raise alarm bells…

  • If you hover over the links in the email, they will point to linkedin.com (or a sub-domain of linkedin.com) if they are genuine. If they point to another website then the email is probably a fake;
  • If you don’t remember receiving an invitation from the person in the first place, then it is likely that this one is a fake. A genuine invitation will also appear in your LinkedIn account: log in directly (not via the email) and take a look at your invitations (in your Inbox).

What’s the danger if I click one of these links?

The very least that will happen is that you will deliver a little traffic and ad impressions to a website you will almost certainly have no interest in.

There might just be some tracking mechanism on the links so that if you click them the spoofer will know you are likely to be a member of LinkedIn AND you are vulnerable – so they will try it again with something more devious.

It is possible that the spoofer becomes a phisher and presents you with a website that looks incredibly similar to the real LinkedIn website. They will present you with what looks like a LinkedIn login screen, and when you enter your username and password… bam, they have your access details!

The moral of the story

Be careful. Be suspicious. Don’t believe everything that is sent to you.

Something similar…

I recently received an email from a client asking for advice. She had received an email from a domain registration company saying that her domain name was due for renewal very soon and that she needed to take swift action to avoid losing the domain. The only problem with this was that they were asking $75 per year for the registration AND it wasn’t even a domain she owned in the first place. Rather cunningly, they had chosen a domain name the same as her own, but with a different TLD (so she owned domainname.com, for example, and they suggested that she needed to renew domainname.fr). They had even gone to the trouble of ‘scraping’ her own website home page and setting it up to look just the same on the site they were asking her to renew. So, when she clicked the link to ‘her’ website it really did look just like her own website.

So the moral of this sub-story is to know what domain names you have registered AND know who your domains are registered with AND understand that domain names typically don’t cost $75 per year.

 

6 Comments

  1. Charlotte

    Timely reminder, Martin. These fake requests go in circles, I think. Been close to requests re domain names which was to encourage me to change my registrant details. Only spotted it at the last minute! Are there ways we can stop people ‘scraping’ emails and web addresses?

    • Martin Jarvis

      If you really do want to display your email address on your website there are a few email obfuscation plugins for WordPress, and similar JavaScript code snippets for other website platforms. Email obfuscation works by using an algorithm to jumble up email addresses so that they ‘auto-magically’ look ok to real visitors, but not to spambots.

      This isn’t a rock solid solution, but it should prevent a lot of email harvesting.

      You could use CAPTCHAs, but I’m happy to display email addresses on my website as I think the burden of responsibility should be on the website owner and not genuine visitors to prove their legitimacy.

      With regard to the scraping of your website content – there’s not a lot you can do to protect it. There are services that scan the web to find likely duplicates of your content (which one might use to determine if one’s blog posts have been copied). There are also ways to prevent ‘hot-linking’ of images (which means other sites using your images on their own site).

      Too much to cover in one reply though 🙂

  2. Hew Helps

    Another one to look out for. Thank you Martin. I had a Tax Refund email yesterday. It was a spoof but the email looked quite good but not good enough.

    • Martin Jarvis

      It’s a numbers game for these spammers (or whatever one would call them). Whilst you wouldn’t expect a high percentage of people to get caught, when sent to tens (or even hundreds) of thousands of email addresses it only takes a tiny percentage to make it worthwhile for the spammer.

  3. David Pratt

    Yes and I suspect we will soon get the email advising we have been left a fortune by a Nigerian heiress who just died and please can we have your bank details to send the money to, and by the way we need $200 to set the wheels in motion.

    It first came around about 5 years ago, then again 3 years ago so I guess it’s the numbers game you refer to.

    Don’t forget the saying of my old Dad’s (and probably most people’s old Dads too) ‘If it looks too good to be true it probably is.’

  4. Bill Barnett

    The offers of riches from embezzled (usually) Nigerian sources go way back to the dark old days of faxes (If you don’t remember what a fax is, ask your Dad :o) ) – there was an Aussie chap who played them at their own game – for a little light relief have a read of this website.
