Fake LinkedIn notifications lead to phishing and malware

LinkedIn users are once again targeted with a massive and widespread spam campaign that takes the form of a notification about a supposedly received message from a potential new connection:

Unfortunately, the offered links – although legitimate-looking – take users to compromised sites that either ask them to share private and personal data, or serve them with a variety of malware that steals information and hijacks users’ address book to spam their contacts.

These compromised sites are often located on US, UK, Russian or Italian domains, says Bitdefender, and the good news is that a AV solutions and Google itself will often spot them and warn the users about their current malicious nature.

“Malware writers are again taking advantage of LinkedIn’s popularity and users’ social media engagement after the holidays. With many people back to work and eager to strengthen their professional connections, the malicious campaign comes in really handy for the attackers,” Bitdefender concludes.

Don't miss