The threat behind fake LinkedIn messages

Retarus sent out a warning in response to a current wave of fake contact requests via the social media platform LinkedIn. These well-simulated e-mail messages present a considerable risk to PC-owners. Unsuspecting users are lured into a trap via the seemingly well-intentioned e-mails and their PCs are infected with malware in an attempt to gain access to personal information.

The e-mails feign to be a contact request sent from the social media platform LinkedIn. Users who try to access the platform via the link are routed to an intermediary website – with the simple notification “Please waiting … 4 seconds”.

From there, they are then redirected to Google. In these four seconds the spyware ZeuS is uploaded in the background and secretly installed. Cyber criminals use this type of spam to gain access to personal information, such as access data for online banking.

Social media spam is on the increase. Retarus analyses have shown that one in three spam e-mails are clearly sent in the guise of social networks. Retarus Managing Director, Martin Hager, warns, “Social media spam is particularly dangerous because the contents seem well-intended, and the original e-mails are so perfectly imitated, that lay persons are unable to identify them as fakes. Mail users who have defined social media platforms as safe senders, via whitelist entries in their spam filters, are especially affected.”

Users should not respond to contact requests, especially from unknown senders, and delete these e-mails immediately. To verify the authenticity of contact requests, it is recommended that users avoid logging in to their social network by clicking on a link which has been sent via e-mail.