Warning: Fake LinkedIn E-Mail Could Infect Your PC
Don't look now, but that "LinkedIn" invite you just received from a "colleague" may in fact be yet another cleverly disguised piece of spam.
In a 24 hour period I've received more than 20 variations this piece of e-junk, almost all of which slipped past my spam filter. Most of them include the line:
"[Insert name here] has indicated you are a Colleague at Interbrand."
My e-mail client (Thunderbird) blocks images automatically, but when I told it to load one I got this ad for male performance enhancers (click to enlarge the image):
Which I have to admit is pretty funny. Clearly this is not a phishing attack; the spammers here are just exploiting people's trust in LinkedIn to get them to open the email, in the hope of enticing the curious and/or stupid to click that link.
In this case, all the links lead to a Web site called PathTasty, which bills itself as "Canadian Pharmacy -- #1 Internet Online Drugstore." A Google search for that turns up this McAfee Site Advisor review, which is anything but magical:
"Canadian Pharmacy" / "European Pharmacy" / "Canadian Healthcare" is an illegal and dangerous pharmacy operation run by the Russian criminals Igor Gusev (Игорь Гусев) and Andrey Smirnov (Андрей Смирнов) and their affiliate program Spamit/Glavmed (Спамит/Главмед).
You seldom see greedier scumbags than these criminals. They don't care how much damage they cause to innocent people as long as they get all they want. No matter if people get seriously ill or even die after taking their fake drugs, or lose their money after giving over their credit card details. They would be happy to sell their own mother for a quick buck. But of course they don't have one - this kind of filth breeds in drains."
Nice. Other LinkedIn spam isn't so obvious or so benign though. I also received fake invites that lacked the Viagra Houdini image but still lead to weird sites (like one called "Cernoma"). When I visited that site, Google Chrome tossed up the following warning:
So it looks like I just narrowly missed a drive-by malware infestation. Whew!
I've asked the putative owner of that site via Twitter why he appears to be sending out spam. (There's at least a slight possibility his site has been hijacked.) I'll update this post if I hear back from him/her/it.
This is not the first time social media has been abused by spammers, and it appears to be a rising trend. (I've also written about bogus Amazon spam here.) These days, my email is so riddled with spam -- despite having filters at my ISP, Web host, operating system and email client -- I am seriously considering abandoning email altogether.
Ironically, the only place I can converse relatively spam free with friends and colleagues is on social media sites. For the most part, my Facebook and LinkedIn inboxes have been mostly free of junk; even Twitter isn't bad, once you banish the marketing tweetbots. Hopefully they too won't eventually be overrun.