There has been an increase in spam emails related to the business-oriented social media platform Linkedin, which has revealed that 500 million users have been exposed to data breaches in the past days. Studies report that millions of LinkedIn users have been subjected to email scams. Stating that hackers target users with various phishing methods and scams with LinkedIn themes, especially to capture accounts, Akkoyunlu says that e-mails with LinkedIn content are the most clicked phishing scams this year. Although the recent surge in LinkedIn-themed spam emails cannot be directly attributed to the leaked information of 500 million platform users, the overwhelming number of deceptive and fraudulent emails suggests otherwise.
Alev Akkoyunlu warned that LinkedIn users should change their passwords and says that two-factor protection should be activated for both account and mail. According to the company’s Antispam Lab telemetry, the types of spam emails that increase after the Linkedin data breach are as follows:
1. Selling Fake Contact Lists That Can Be Used In Email Marketing
In these emails, fraudsters do not ask for your personally identifiable information or the emails do not contain malicious attachments. At the end of each email, there is an unsubscribe button, and when the recipients press the unsubscribe button, the scammers verify whether the email is displayed, confirming that the recipient’s email address is valid. Thus, these email accounts can be used in future spam campaigns.
2. “Hello, I Want to Join Your LinkedIn Network.” Scam
Some spam emails use classic phishing tactics, sending fake link requests to users to steal LinkedIn login information. In one version of the scam, buyers receive a seemingly valid link request from a sales manager named Kate.
However, when you examine the email closely, you realize that you should be suspicious immediately. Scammers put some effort into creating the email by not using a standard email template. The email intentionally mimics a LinkedIn invitation that users cannot interact with. Maximum efficiency is achieved as it is forced to access the attached file for more information. When buyers click on the attached Linkedin.html, a fake LinkedIn page opens. The green window that opens on the page asks for the account password, and when this information is filled in, your login information is sent to the attackers.
3.A New Business Opportunity Scam
In another common Linkedin scam, cybercriminals send fake LinkedIn job opportunities to targets. By clicking the Accept Job button, buyers interested in the job will be greeted with a separate window asking for their account passwords.
The scam and phishing emails above can trick LinkedIn users into giving their account passwords to cybercriminals, even if they don’t want you to take immediate action due to the lack of a security warning. Before you know it, your account password is in the hands of malicious people and they can now hijack all your online accounts using the same email and password combination.