Fake LinkedIn Emails Delivering Spam

A new spam campaign is brand jacking popular social networking site LinkedIn to spreadlinks leading to shady domains. The emails, which look like notifications from the site telling the recipient they have a message waiting, contain links that allegedly lead to the messages. Instead they take the recipient to a pharmaceutical site offering fake prescription drugs and male enhancement products.

Spam involving these sites is nothing new. Even though the infamous Canadian Pharmacy ring was severely incapacitated when first Spamit and then Rustock went down in 2010, it hasn’t stopped spammers from trying to cash in on these fake pharmacies. While some actually sell drugs, they are almost always fakes made in India. Since these copycat drugs are made with absolutely no regulations or oversights, the FDA issued a warning to consumers to avoid ordering from these types of sites. There are also variants of these sites that are little more than fronts for phishing operations (people place their orders but never get anything and their CC info is stolen) or attempt to deliver malware.

While like most phishing emails, hovering your cursor over the URL will reveal that the link is fake, there are still people who see the LinkedIn branding and click, thinking it’s legit. What’s more unbelievable is that some of those people will actually stay on the site and buy something.  As long as these tactics work, spammers and phishers will keep using them.

Have you ever fallen for a phishing email? Even if you only clicked on the link, it counts. Share your story with us!

Written by Sue Walsh


  1. PAUla Jacobs · January 27, 2012

    Well, I haven’t yet experienced being phished or hijacked on all my personal and corporate email accounts. Maybe because I’m too careful about my email addresses. I don’t share them publicly – especially on social media and online communities. If it’s really necessary to divulge my email address, I put my so-called “alternative” email account. This account is somewhat anonymous – it does not tell my name and it’s from Gmail. I only give this email address when someone I don’t personally know will ask for one. You can also use this in forums and discussion groups.

  2. Devon Bancraft · January 31, 2012

    I’ve been phished in the past, mostly when I was working as a contractor looking for work via aggregate posting sites. Those that don’t do their homework can be subject to clever phishers. The thing that got me is that a phisher who has the time to put together a believable contract offer has just as much smarts to put together a convincing follow-up email.

Leave A Reply