About 10,000 users of LinkedIn.com, the social networking site for professionals, recently were targeted by a tailor-made scam that urged recipients to open a malicious file masquerading as a list of business contacts. Most e-mail-based malware attacks and phishing campaigns designed to trick people into handing over personal and financial data generally are blasted out indiscriminately. But so-called “spear phishing” attacks – such as the bogus LinkedIn campaign — address recipients by name in the subject line and body of the message to appear more legitimate. The messages in this campaign were of course spoofed to look like they were sent from support@linkedin.com, with the subject line “Re: business contacts.” The message read: [recipient’s name] We managed to export the list of business contacts you have asked for. The name, address, phone# , e-mail address and website are included. The list is attached to this message. After you you check…
Related Posts
