Phishers Target New Victims on LinkedIn

Users of LinkedIn are being warned that scam artists are using the site to nab lucrative bank account information from naive victims, say security experts.

Users of the professional-oriented social networking site LinkedIn are being warned that scam artists are using the site to nab lucrative bank account information from naive victims, say security experts.

Advanced fee fraud — also known as "419 scams" after the relevant section of the Nigerian penal code — have become well-known to most e-mail users. The fraudster poses as a foreigner that has lucked into millions, but needs help to keep their money secure (one fraudster even pretended to bean African astronaut aboard the International Space Station).

As soon as someone is naive enough to share their bank account information, they find that money is withdrawn from their account — not deposited, as promised.

Stymied by corporate e-mail filters and buoyed by the trust that users are giving social networking sites, scammers are trying their old tricks in new channels, according to Graham Cluley, senior technology consultant at Abingdon, UK-based security vendor Sophos PLC.

"Now they're trying their scam with a network used by businesspeople," he says. "By using this mechanism, the criminals know they're talking to people who aren't 13-year-olds, but people with money in their pockets."

Cluley shares one example of the phishing attack that he received on LinkedIn. A user named Natasha Kone claims to be a 22-year-old woman from the Ivory Coast. Her message goes through the usual scam-artist routine of describing the US$6.5 million inheritance left to her by a deceased father, and why she's looking for a foreign partner to help secure the money.

It's a ploy most people would dismiss out of hand.

"The problem is that common sense isn't very common," Cluely says. Sophos knows of many examples of normally astute individuals suckered in by nicely formatted e-mails, and some have lost dollar sums in the millions.

Social networking sites are now the top phishing target,according to the most recent Internet Security Threat Report from Symantec Corp. The sites are the source of the most phishing attacks in the top three countries where phishing occurs — the US, China and Romania.

Overall, phishing messages went up by five per cent in the second half of 2007. There was a total of 207,547 unique messages identified — that's 1,134 different messages for each day.

Scammers are enjoying the trust that social networking users tend to give to the Web sites. Users feel a false sense of security due to being connected to a network of their peers.

"Promiscuous users are accepting friend and network requests from people they don't even know," says David Senf, director of research for Canadian security at Toronto-based IDC Canada. "The trouble is that no one wants to be rude."

But workers should be more stringent about who they add to their friends list, experts say. There's no guarantee that the person you're adding isn't an Internet impersonator. Once a scammer is on your friend's list, you've given them an open route to repeated attempts at nabbing your sensitive information.

One simple measure LinkedIn users can take is to only accept invitations from people who at least know your e-mail address, Cluley says.It's an option that can be simply turned on.

"It's just an extra little bit of effort that most criminals will not take," he says. "They can't just willy-nilly spam everyone on LinkedIn."

LinkedIn's user conduct agreement states that misrepresenting your identity on the network is a breach. So is the use of invitations to send messages to people you don't know. requested an interview with a LinkedIn spokesperson, but there was no response at the time of publication.

But companies can't be rest-assured that LinkedIn will delete the accounts of all the bad guys out there, says Jim Lippard, director of information security at Florham Park, N.J.-based IP network provider Global Crossing Ltd. There should be a policy in place to address how employees use social networks.

"Advise employees not to put the company's proprietary information onto their profiles," he says. "Just be aware the information can be read by anyone."

Even users who consider themselves careful about who they add as friends have to be careful, Lippard adds. Social networks are made more unsafe for everyone by those who accept every connection put forward to them.

Staff recruiters at large corporations often have large friend lists, for example. The presidential candidates in the US election also have profiles and will accept anyone as a friend to build their popularity showcase, the security expert says.

"They're operating their profiles like a MySpace bands page," Lippard says. "Once you have an indiscriminate group of people doing this, that means there are more unsecure links closer to all users."

For now, one fraudster's identity has been removed from LinkedIn. Natasha Kone has been deleted from the social network's database. But there's no telling how much damage the scammer has already done.

"I'm sure the only person who really knows that is the one lurking behind the identity of Natasha Kone," Cluley says.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Brian Jackson
Show Comments


Brother MFC-L3745CDW Colour Laser Multifunction

Learn more >




Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?