Phishers are targeting the customers of banks, online payment services and social networking sites such as HSBC Bank, PayPal, Fedex, Facebook, Evernote, Twitter and LinkedIn. Users of any online service or social networking site can be targeted through phishing emails and scams in a number of ways.
Below we will show you how you can easily recognize a phishing email, just by hovering with your mouse and applying some common sense. It is easy once you know what to look out for.
Phishing emails are one of the most common ways for fraudsters to scam unsuspecting consumers.
LinkedIn has certainly become one of the most popular business-to-business social networking tools; some even say the site is replacing recruitment sites! Not surprisingly, it is becoming a target for phishing attempts.
This email masquerades as a member invitation from the popular business-focused social network LinkedIn. Recipients are asked to click on a link, ‘visit your InBox now’, to view the pending messages.
The email includes the LinkedIn logo and looks very similar to a genuine LinkedIn invitation message.
However, the message is not from LinkedIn. All of the links in the message lead to compromised websites that have no connection to LinkedIn.
Omniquad Security Research Labs found that the endpoint URL contains a criminal toolkit known as the BlackHole Exploit Kit. BlackHole is a web application used by criminals to exploit browser vulnerabilities as a means of downloading and installing Trojans and other types of malicious software onto a victim’s computer.
If an email contains a link and you’re unsure whether it’s legitimate, hover over it with your mouse to see what address it directs you to. To avoid being scammed, read the guide below on how to spot a scam and protect yourself from this type of phishing attack.
In fact, LinkedIn has regularly been targeted in such malware and phishing attacks. Always ensure that LinkedIn messages are really from LinkedIn. Scam emails often use HTML to disguise links in their bogus messages. As you can see in the screenshot below, this email looks somewhat credible.
However, we can tell a LinkedIn phishing email apart from a real LinkedIn email using the screenshot below:
A LinkedIn Phishing Email
The message body says:
From Akshay Das (Senior Director, Business Development, Information & Media Division at The McGraw Hill Companies.)
There are a total of 3 messages awaiting your response. Go to Inbox now (clickable link to malicious site)
- Take a look at the From field in the screenshot: you can see that the mail is not originally coming from LinkedIn.
- The highlighted text that states ‘go to inbox now’ does not point to a true LinkedIn website.
So, to summarise: the sender is not LinkedIn, and hovering over the clickable links reveals that the URLs do not belong to LinkedIn but point to a Russian domain.
A quick search will reveal that McGraw Hill Companies is real, and there are several people named Akshay Das on the LinkedIn network, but none appear to work for McGraw Hill. The scammers have used a real company and a real name to give their scam more credibility.
A Real LinkedIn Email
As you can see in the real email from LinkedIn, the URL points to the LinkedIn website itself.
The From field in the screenshot tells you that the email is from ….@bounce.linkedin.com – a real LinkedIn email address.
The links in the screenshot show the linkedin.com domain in the URLs when you hover over them with the mouse.
The Email Source
We would like to share the source code behind both the real and phishing emails.
Source code of the fake LinkedIn email:
You can see that the URL hiding in the code is http ://doctormusi.ru/templates/beez/track. php?c002. Notice the tracking code at the end. Tracking codes are strings of text added to the end of a URL which let you track the source of a click.
Source code of the real LinkedIn email:
You can see that the URL hiding in the code is http://www.linkedin.com, so clicking on links in real emails from LinkedIn is safe.
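The hover check and the From-field check described above can also be run over the email source during triage. The following is an added example, not code from the original article: the function names, the sample sender addresses and the link host `compromised.example` are constructed for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed samples modelled on the two emails described in the article.
FAKE = ('LinkedIn <notice@mailer.example>',
        '<a href="http://compromised.example/templates/track.php?c002">Go to Inbox now</a>')
REAL = ('LinkedIn <member@bounce.linkedin.com>',
        '<a href="http://www.linkedin.com/">Go to Inbox now</a>')

def belongs_to(host, domain):
    """True only if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def audit_email(from_header, html, brand_domain="linkedin.com"):
    """Return findings for an email that claims to come from brand_domain."""
    findings = []
    sender = parseaddr(from_header)[1]
    if not belongs_to(sender.rpartition("@")[2], brand_domain):
        findings.append(f"From address {sender!r} is not at {brand_domain}")
    parser = LinkCollector()
    parser.feed(html)
    for text, href in parser.links:
        host = urlsplit(href).hostname  # the real target, not the link text
        if not belongs_to(host, brand_domain):
            findings.append(f"Link {text!r} points to {host!r}")
    return findings

if __name__ == "__main__":
    for name, sample in (("fake", FAKE), ("real", REAL)):
        print(name, audit_email(*sample))
```

A clean From check is not proof of origin, because the From header can be forged; the link target is the stronger signal here.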
Phishing scams of this nature are all too common and, in spite of widespread publicity, they continue to fool people all around the world into handing over their financial and personal information. Legitimate banks and other financial institutions will never send their customers unsolicited, generic emails that request them to click a link to login and provide personal information.
Finally our mantra:
Tips to spot phishing emails:
- Requests that you supply personal information directly in the email or submit it online.
- Threatens to suspend or close your online accounts if you do not respond to the email.
- Claims that your account has been compromised or accessed by an unauthorized person.
- Requests you to enter, validate or verify your account information.
- States that there are unauthorized charges on your account and requests your account information.
- Claims that the bank has lost important security information and needs you to update your information online.
- Requires you to enter your card number, password, user ID or account numbers into an email.
Protect yourself from email fraud:
- Never click on hyperlinks within emails; instead, copy and paste them into your browser.
- Do not open any file attached to the email.
- Always look for “https://” and the padlock on websites that require personal information.
- If you didn’t initiate a transaction to which an email is referring, it’s probably a scam.
- Never respond to spam / suspicious email or emails from unknown senders.
- Do not supply your personal or bank account information to strangers; they are most likely scammers.
- Use spam filtering software.
- The Omniquad Security Team