LinkedIn Phishing Scam
Shout out to all my LinkedIn connections. Beware of phishing scams!
For those of you who are still wondering what a phishing scam is, here are some pointers to look for when identifying whether an e-mail is real or whether you are about to fall victim to a phishing scam.
What is a Phishing Scam?
Wikipedia.com defines it as follows: "Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication".
In other words, you receive an e-mail from someone claiming to be a person (or a company) that they are not, and their purpose is to steal something from you!!
They operate by creating sites that look identical to the actual site and then claiming things like “your account has been hacked and you need to change your password immediately”. This way you basically give your username and password away to a stranger who is most likely going to use them with malicious intent.
But how do you identify phishing scams? Here are some pointers to help you.
1. Domain Name
The first giveaway is the domain name. A domain name is a unique identifier for a website. A few examples of domain names are: linkedin.com, google.com, facebook.com, etc.
So let’s take an example. If LinkedIn sends you an e-mail, the sender’s address must end with @linkedin.com. So if you receive an e-mail from someone claiming to be the LinkedIn administrator, it needs to come from their domain; otherwise you can be certain that the e-mail is not valid.
Have a look at the image I attached. Specifically, look at the top part underlined in red. Ryan.rencq@ef.com claims to be from LinkedIn.com. This is definitely someone who is trying to gain access to your account.
And don’t blame poor Ryan, because scammers mostly use hacked e-mail accounts to send these phishing mails.
2. The Link they want you to click on
A second check you can do is to hover your mouse pointer over the link. See the part of the image in the middle with the thin red line. It shows the actual link that you will be redirected to when clicking their false link.
If the mail claims to come from LinkedIn and the link shows https://corazonescentroedu.com, then you can quickly identify that this link is false. And don’t let the last part, “linkedin.html”, fool you. That is just the page name and can be faked easily.
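Checks 1 and 2 above can also be applied mechanically. The following is an added example, not part of the original post: it reads a constructed sample message built from the sender and link named above and flags any sender address or link target outside linkedin.com. The function names and the sample message are assumptions made for the illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Added illustration: names are hypothetical, the message below is constructed.
SAMPLE = """\
From: LinkedIn <Ryan.rencq@ef.com>
Subject: Verify Now
Content-Type: text/html

<p>We are unable to verify your LinkedIn account.</p>
<a href="https://corazonescentroedu.com/linkedin.html">Verify Now</a>
<a href="https://www.linkedin.com/help">Help</a>
"""

def in_domain(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collects the real href targets, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_message(raw, domain="linkedin.com"):
    """Return a list of findings for checks 1 (sender) and 2 (links)."""
    msg = message_from_string(raw)
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    findings = []
    if not in_domain(sender_host, domain):
        findings.append(f"sender domain is {sender_host or 'missing'}, not {domain}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        url = urlsplit(href)
        if url.scheme in ("http", "https") and not in_domain(url.hostname, domain):
            findings.append(f"link points to {url.hostname}, not {domain}")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print("WARNING:", finding)
```

A sender address that passes this check is not proof on its own, since the From header can be forged, so the link check and steps 3 and 4 still apply.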
3. Analysing the site that opens up
If you are still unsure and end up clicking the link, you will be redirected to a page that will normally look exactly the same as the original.
Open a new tab and use your favourite search engine to perform a search for the entity in question (in our example, LinkedIn).
Now access the LinkedIn website from your search engine and use your credentials to log in. If this works, then you know that the claim that your account was hacked is false, as you are able to log in.
You can also compare the two pages, click on links inside the page to check whether they actually redirect you to valid content, etc.
4. Search for the scam
Open your favourite search engine and perform a search for the item in question. In our example I will use search keywords such as “We are unable to verify your LinkedIn account and need to be fixed at once” or “LinkedIn Verify Now To avoid account closure”.
Also look at spelling mistakes, corporate branding, etc. They often make mistakes, as you will see in my example above. “To” is spelt incorrectly in context. It should be “too”.
If you are still unsure, contact your IT person, or contact the company in question directly and report the scam or find out if they have requested this.
Be careful, people. Identity theft is real and it happens more often than you think. You do not want to become a victim of these faceless criminals!!