I got a LinkedIn connection invitation this afternoon. Well, actually, it was a reminder that I had invitations pending. The reminder came to my personal e-mail, where such reminders are not uncommon. It is not the e-mail I use for LinkedIn, but many friends trying to link to me don't know that. The difference today was that the name in the reminder was not one I recognized. Sure enough, when I checked the address on the link, it wanted to take me to a location other than LinkedIn. I deleted the e-mail and, obviously, did not click on the link.
Shortly after I got that e-mail, I found out that I was part of a cyber attack targeting LinkedIn (lucky me!). According to Cisco:
Victims are emailed an alert link with a fictitious social media contact request. These messages accounted for as much as 24% of all spam sent within a 15-minute interval. Clicking the link, victims are taken to a web page that says "PLEASE WAITING.... 4 SECONDS" and redirects them to Google. During those four seconds, the victim's PC is infected with the ZeuS data theft malware by a drive-by download. ZeuS embeds itself in the victim's web browser and captures personal information, such as online banking credentials, and is widely used by criminals to pilfer commercial bank accounts.
We tend to be so focused on the security issues involving Facebook and Twitter that we too often forget that other social-networking sites are just as vulnerable to attacks. In fact, today's LinkedIn news follows another report last month about fake email that looked as if it came from LinkedIn connections, but was part of phishing schemes. And the Perimeter E-Security webinar I attended mentioned scams involving bogus connections.
Another good reminder to always double-check before automatically trusting any information from a social media site.