Phishers Target New Victims on LinkedIn

Users of LinkedIn are being warned that scam artists are using the site to nab lucrative bank account information from naive victims, say security experts.

Users of the professional-oriented social networking site LinkedIn are being warned that scam artists are using the site to nab lucrative bank account information from naive victims, say security experts.

Advance-fee fraud — also known as "419 scams" after the relevant section of the Nigerian penal code — has become well-known to most e-mail users. The fraudster poses as a foreigner who has lucked into millions, but needs help to keep their money secure (one fraudster even pretended to be an African astronaut aboard the International Space Station).

As soon as someone is naive enough to share their bank account information, they find that money is withdrawn from their account — not deposited, as promised.

Stymied by corporate e-mail filters and buoyed by the trust that users are giving social networking sites, scammers are trying their old tricks in new channels, according to Graham Cluley, senior technology consultant at Abingdon, UK-based security vendor Sophos PLC.

"Now they're trying their scam with a network used by businesspeople," he says. "By using this mechanism, the criminals know they're talking to people who aren't 13-year-olds, but people with money in their pockets."

Cluley shares one example of the phishing attack that he received on LinkedIn. A user named Natasha Kone claims to be a 22-year-old woman from the Ivory Coast. Her message goes through the usual scam-artist routine of describing the US$6.5 million inheritance left to her by a deceased father, and why she's looking for a foreign partner to help secure the money.

It's a ploy most people would dismiss out of hand.

"The problem is that common sense isn't very common," Cluley says. Sophos knows of many examples of normally astute individuals suckered in by nicely formatted e-mails, and some have lost dollar sums in the millions.

Social networking sites are now the top phishing target, according to the most recent Internet Security Threat Report from Symantec Corp. The sites are the source of the most phishing attacks in the top three countries where phishing occurs — the US, China and Romania.

Overall, phishing messages went up by five per cent in the second half of 2007. There was a total of 207,547 unique messages identified — that's 1,134 different messages for each day.

Scammers are enjoying the trust that social networking users tend to give to the Web sites. Users feel a false sense of security due to being connected to a network of their peers.

"Promiscuous users are accepting friend and network requests from people they don't even know," says David Senf, director of research for Canadian security at Toronto-based IDC Canada. "The trouble is that no one wants to be rude."

But workers should be more stringent about who they add to their friends list, experts say. There's no guarantee that the person you're adding isn't an Internet impersonator. Once a scammer is on your friends list, you've given them an open route to repeated attempts at nabbing your sensitive information.

One simple measure LinkedIn users can take is to only accept invitations from people who at least know your e-mail address, Cluley says. It's an option that can be simply turned on.

"It's just an extra little bit of effort that most criminals will not take," he says. "They can't just willy-nilly spam everyone on LinkedIn."

LinkedIn's user conduct agreement states that misrepresenting your identity on the network is a breach. So is the use of invitations to send messages to people you don't know.

ITBusiness.ca requested an interview with a LinkedIn spokesperson, but there was no response at the time of publication.

But companies can't rest assured that LinkedIn will delete the accounts of all the bad guys out there, says Jim Lippard, director of information security at Florham Park, N.J.-based IP network provider Global Crossing Ltd. There should be a policy in place to address how employees use social networks.

"Advise employees not to put the company's proprietary information onto their profiles," he says. "Just be aware the information can be read by anyone."

Even users who consider themselves careful about who they add as friends have to be careful, Lippard adds. Social networks are made more unsafe for everyone by those who accept every connection put forward to them.

Staff recruiters at large corporations often have large friend lists, for example. The presidential candidates in the US election also have profiles and will accept anyone as a friend to build their popularity showcase, the security expert says.

"They're operating their profiles like a MySpace bands page," Lippard says. "Once you have an indiscriminate group of people doing this, that means there are more unsecure links closer to all users."

For now, one fraudster's identity has been removed from LinkedIn. Natasha Kone has been deleted from the social network's database. But there's no telling how much damage the scammer has already done.

"I'm sure the only person who really knows that is the one lurking behind the identity of Natasha Kone," Cluley says.

Brian Jackson

ITBusiness.ca