Security researchers believe a new spam campaign brandjacking LinkedIn may be using data stolen in the data breach that hit the popular networking site earlier this year.
The emails are made to look like official reminders from the site telling recipients that they have messages and/or connection requests waiting for them. Those who click on the included link are sent to a shady internet pharmacy site. So far the site doesn’t appear to be hosting malware. Its goal seems to be simply to make money by duping people into buying the fake drugs for sale there.
Because the messages are showing up in legitimate inboxes and not being detected at all in spam traps, researchers speculate that the addresses receiving the spam were harvested during the June data breach. That breach exposed over 6 million unsalted SHA-1 password hashes and, presumably, the email addresses attached to them (the publicly posted dump contained only the hashes; the addresses were not published with them). LinkedIn users have their email addresses as usernames, so anyone holding the account records would hold the addresses as well.
“The difference with this hack, as opposed to many others, is that people put their REAL information about themselves professionally on the site, not just what party they plan on attending, à la Facebook and others. And every time one of your LinkedIn contacts updates their profile, you get updates from LinkedIn showing what’s happening. This has the aggregate effect of garnering a form of peer review on what you post about yourself, knowing that it is exposed potentially to those business or career contacts that have a direct impact on your life. In other words, mess with somebody’s professional profile, and you’re messing with their life, and their contacts know about it.” – ESET security researcher Cameron Camp told Help Net Security.
LinkedIn is still investigating the breach and hasn’t had much to say about it. If email addresses were indeed harvested, those affected should expect more spam and more targeted phishing, since the attacker knows each address belongs to a real, professionally active LinkedIn user. The collected data would be a gold mine to scammers and spammers and would likely sell for big bucks on the black market.