Security provider Commtouch is reporting a spate of bogus LinkedIn email notifications that lead unsuspecting users to be infected with malware.
The spoofed notifications appear legitimate, sporting the LinkedIn logo and a format familiar to members of the business networking platform, which makes the operation difficult to detect at a glance.
"The LinkedIn reminders that are included in the attack include several variables such as names, relationships, and the number of messages awaiting response. As usual the giveaway that something strange is occurring is the link," wrote Commtouch's Avi Turiel.
An example of the rogue message as provided by Commtouch is as follows:
Turiel reports that if a user clicks on the notification link, they are directed to a generic-looking notification page while malicious scripts are executed to exploit known vulnerabilities in Adobe's Reader and Acrobat applications.
Compare the bogus notification to a legitimate one here:
"Of course the malware is hugely problematic – but another issue emerges from all of these phony LinkedIn invitations – they cause malware-aware users to be suspicious about genuine invitations," Turiel noted.
Last month researchers at security provider GFI Labs reported a similar campaign of faux LinkedIn notifications tainted with a malicious link intended to infect the targeted recipient's computer with the Cridex malware, commonly utilized in spam-based attack operations.
As a general rule of thumb, LinkedIn users should not act on such notifications directly from their email, but should instead confirm a message's authenticity by checking whether it appears in their LinkedIn account inbox.
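The giveaway Turiel describes is the link, so a mail gateway or triage script can apply the same test: in a message that presents itself as LinkedIn, flag every link whose actual host is not linkedin.com. The following is an added example, not code from Commtouch or the article; the sample message, sender address and link are constructed for illustration.

```python
import email
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the spoofed reminder described above (not the real lure).
SAMPLE_EMAIL = """From: LinkedIn <messages-noreply@linkedin.com>
Subject: Reminder: 3 messages are awaiting your response
Content-Type: text/html

<html><body><p>Hi Alex, Jane Doe (2nd) and 2 others sent you messages.</p>
<p><a href="http://198.51.100.23/linkedin/notify.php?id=72">View your messages</a></p>
<p><a href="https://www.linkedin.com/help">Help Center</a></p></body></html>
"""

class AnchorExtractor(HTMLParser):
    """Collects (href, visible text) pairs from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_linkedin_host(host):
    """True only for linkedin.com itself or a subdomain, not look-alikes."""
    host = (host or "").lower().rstrip(".")
    return host == "linkedin.com" or host.endswith(".linkedin.com")

def suspicious_links(raw_message):
    """Return (href, text) for links in a LinkedIn-branded mail that lead elsewhere."""
    msg = email.message_from_string(raw_message)
    if "linkedin" not in msg.get("From", "").lower():
        return []  # rule applies only to mail presenting itself as LinkedIn
    parser = AnchorExtractor()
    parser.feed(msg.get_payload())
    flagged = []
    for href, text in parser.anchors:
        parsed = urlparse(href)
        if parsed.scheme in ("http", "https") and not is_linkedin_host(parsed.hostname):
            flagged.append((href, text))
    return flagged
```

On the constructed sample, the "View your messages" link is flagged because it points at a bare IP address, while the help link to www.linkedin.com passes.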