The Better Business Bureau and Cisco are reporting that LinkedIn users have received suspicious e-mails indicating they have new invitations to connect and new messages awaiting their response. The e-mails contain links to direct recipients to the invitations and messages, but the links don't go to the LinkedIn.com domain.
In an alert posted on its web site, Cisco said the link actually triggers malware that will embed itself in the user's web browser if opened. The malware could potentially steal a computer user's personal and sensitive information.
Jane Hart, BBB spokeswoman in Charlotte, told Consumer Ally she knew the e-mail could not be legitimate when she looked at the address connected to the link and noticed it was not from LinkedIn. After receiving the e-mail, she checked her LinkedIn profile and noticed she did not have any messages pending, nor an invitation to connect.
"Although the BBB has seen dozens of phishing scams targeting Facebook and Twitter users, this is the first phishing scam we have seen that targets LinkedIn users," she said in a statement. "With 60 million people on LinkedIn, it was only a matter of time before scammers began phishing in the LinkedIn pond."
Hart recommends users take the following precautions when using LinkedIn or other social networking sites:
- Delete suspicious e-mails immediately.
- Do not click on any links or download attachments in suspicious e-mails. These links and attachments can expose your computer to spyware, malware and other viruses.
- Make sure you protect your computer with a good quality anti-virus software and scan your computer for viruses frequently.
- Instead of clicking on links in suspicious e-mails, go directly to your profile page on www.LinkedIn.com to see if you have any new messages or invitations.
- Be careful how much personal information you share online because you don't know who is reading it and what their intentions may be.
- Use the web site's privacy settings to control who's able to see the information you post online.