Nigerian scam goes 2.0 – targets LinkedIn and other social networking sites

Researchers from BitDefender have detected that social networks are the newest medium for Nigerian “4-1-9” scams. The scam has been put to use on the professional networking website LinkedIn, as well as other social networking websites. LinkedIn Corporation is the world’s largest online professional network, with more than 21 million users worldwide.

In the most recent outbreak of the Nigerian scam — an advance fee fraud that is estimated to gross hundreds of millions of dollars annually — the scam letter is sent as a LinkedIn or other social networking sites’ invite to join the user’s network. A profile page is established with the social networking site, to make the claims in the scam letter appear legitimate. Since the scams are only delivered to the social networking site’s user accounts, they completely bypass antispam filters.

Since identification of the scam, BitDefender has been collaborating with LinkedIn to address the issue.

“I think this new twist is more dangerous than the old 4-1-9 scheme because of the increased chance for network users to fall for the scam,” said BitDefender CTO, Bogdan Dumitru. “Since LinkedIn and other social networking sites are used to build up businesses or careers, users tend to view the invitations as trustworthy.”

Most social networking sites do not verify the identity of those who join, which can lead to abuse.

“On LinkedIn, individuals have full control over their networks,” said Kay Luo, LinkedIn’s Director of Corporate Communications. “Users decide who to allow into their networks and which introductions to pass along.”

LinkedIn has always recommended the following best practices when sending and receiving invitations:

• Only accept LinkedIn invitations from people you know and trust.
• Personalize your LinkedIn invitations and messages so that the recipient knows who you are. If necessary, remind the person of how you know each other