We first saw the new email back in December and thought it was a standard spam/phishing email much like the ones we have gotten in our junk mailbox (Hotmail) for years. However we quickly noticed that we were not getting this email in any other email accounted except for the one that was tied to our LinkedIn account. To test this we created a new LinkedIn account using an existing email address and also reopened an old LinkedIn account using another email address. Both of these addresses are now getting the new emails about once a week.
The Emails appear authentic although the formatting is not correct for the type that they are claiming to be. They often come in along with other communication from LinkedIn which can make them hard to spot. They are almost always formatted to appear like they are an invitation to connect from a LinkedIn user with links in them to view the user’s profile and to go to your Inbox to check things out. Unfortunately clicking on any of the links in the email take you to someplace that you do not want to go. The address that they are attached to is "agnesyipmua.com/wp-content/plugins/akismet/track.php?c005". This address has nothing to do with LinkedIn and appears to try and install tracking software on your system. We tried to grab the php file, but the people pushing this scam have thought ahead and are blocking the download of the page as well as preventing direct access to the file.
The good news is that the formatting is off for both an invitation to join someone’s LinkedIn network and for a message that is waiting in your inbox. This makes spotting them a little easier than some of the other phishing attempts we have seen. The downside is that these are targeting emails and not sent out to a mass amount of users. The emails will come to you directly instead of to multiple users in a list (like many of the Facebook phishing emails that are going around). We have to wonder how the people behind this are getting access to LinkedIn users’ email addresses. Is this fallout from the breach that happened earlier this year or has someone else gotten into the system and managed to grab another users list? Either way we recommend checking twice before responding to, or clicking on a link in any messages that look like they are coming from LinkedIn; at least for the time being.
Tell us your thoughts on this new issue in our Forum