Don't Get Duped by LinkedIn Spam Scam

Tuesday, October 12, 2010

Theresa Payton


CISCO reported that almost 25% of the world's spam recently came from infected related emails targeted at LinkedIn users.

The emails look legitimate and shows a linked in request.  If you click on the link, you wait for a few seconds and then Google launches. 

Behind the scenes though, Zeus has been dropped onto your computer in what is called a "drive by download".

Zeus is the malware that typically focuses on stealing your online banking credentials from you.

If you use a mobile phone and think this does not apply to you, think again.  If they can infect your computer and your phone, they could reroute calls and text alerts so you will not know until it's too late.

The experts believe that this attack is most likely targeted at employees that have access to financial systems, including online commercial bank accounts.

Sample screen of the spam scam email from the Cisco Blog:


1.  Educate - People are the first line of defense.

2.  Think Before You Click - Whenever you get reminder emails from social networking sites, I ignore the link and go directly to the site.  Most sites have an easy way to get to your pending messages.

3.  Computer Changes - If your computer starts to act sluggish or freezing up, you may be infected by Zeus or another malware; refer to a computer professional to clean your computer.


"LinkedIn Attack Spreads Zeus Financial Malware", Mathew J. Schwartz, InformationWeek,  September 29, 2010.

"LinkedIn and ZeuS", Adam Ross,, October 1, 2010.

"LinkedIn Zeus spam run targets prospective business marks", John Leyden, The Register, October 5, 2010.

CISCO Blog Report at

Cross-posted from Fortalice Solutions

Possibly Related Articles:
Viruses & Malware
malware Zeus
Post Rating I Like this!
Adrian Ro Really good to know about this! Regular users in linkedin like me should be aware of this.
Anthony M. Freed Adrian - Agreed. I went back through my LinkedIn notifications and was surprised that they did not alert members about this scam. Until this point, I have never felt the need to be suspicious about my LI communications. Many of the links shared via LI are shortened URLs, so I encourage members to use the free online services to always un-shorten URLs before clicking:
Terry Perkins Thanks for the information, Theresa.

@Anthony, it is strange that LI didn't communicate this. Thanks for the un-shorten URL. I didn't know about it.

I love InfoSec Island. I learn so much!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.