I last covered fake LinkedIn emails in 2010 – it wasn’t that big a deal.

Apparently going IPO and reaching 150 million users put a target on the company’s back – let’s look at the topic again…

When the email isn’t from who you think it is…

The trick works like this – the criminal sends you an email that looks like it’s from LinkedIn.

If you click on the embedded link to respond, your browser goes to a website that exploits a loophole in your browser to infect your PC with a virus.

If you click on a link to unsubscribe – same thing.

A picture says it all

And here are two images of fake emails:

[Image: Fake LinkedIn Email with a Virus]

[Image: Second Fake LinkedIn Email with a Virus]

And now for a REAL LinkedIn Email:

[Image: Legitimate LinkedIn Email]

Those virus dudes are getting better at it.

In the past, their use of “English as a second language” was abysmal – one could read the email and know that it wasn’t from LinkedIn, or from a person from an English-speaking country. (BTW – I am trying to insult criminal virus writers from foreign countries – if you want to appear to be John Smith from Anywhere, USA, you really need to know how to write in the English language…)

Detecting fraud

Let’s compare these emails – what discrepancies can you note?

  1. Bogus subject lines – in both fake emails, the subject line is not something that would come from LinkedIn. It’s created to entice the reader to open the email, but it isn’t “standard”.
  2. The use of a link to retrieve the message – LinkedIn doesn’t include that sort of a link. When LinkedIn sends you a message, you get the message, not a link to retrieve the message.
  3. Your email client may very well flag the items as spam – not visible here, but Gmail properly detected the spam nature of these messages, sorted them to my spam folder and added a large red “warning” banner (that I edited out). Your email client is probably correct on these sorts of things…
  4. If you hover over the links, you will see that the location the links actually go to is not what is displayed. This should always be a warning. (I, of course, did not embed any links into this post;-)
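
The hover check from point 4 can be automated. This is an added example, not part of the original post: it lists every link in an HTML email body whose destination is outside the sender's real domain, or whose visible text shows a different address than the one it opens. `TRUSTED`, the sample body and `example.invalid` are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "linkedin.com"  # assumption: the only domain the real sender links to
URLISH = re.compile(r"(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}\S*", re.I)
# Constructed sample body; example.invalid stands in for the criminal's host.
SAMPLE = """
<a href="http://example.invalid/x?id=1">View/reply to this message</a>
<a href="http://linkedin.com.example.invalid/s">https://www.linkedin.com/settings</a>
<a href="https://www.linkedin.com/inbox">https://www.linkedin.com/inbox</a>
"""

def host_of(url):
    """Lower-cased hostname; accepts display text that has no scheme."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()

class LinkCollector(HTMLParser):  # gathers (visible text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((" ".join("".join(self.text).split()), self.href))
            self.href = None

def audit(html):
    """Return (text, href, reasons) for each link that deserves suspicion."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        dest, reasons = host_of(href), []
        # Exact domain or a true subdomain only; look-alike prefixes fail.
        if not (dest == TRUSTED or dest.endswith("." + TRUSTED)):
            reasons.append("destination is not " + TRUSTED)
        shown = URLISH.search(text)
        if shown and host_of(shown.group(0)) != dest:
            reasons.append("displayed address differs from destination")
        if reasons:
            findings.append((text, href, reasons))
    return findings
```

Calling `audit(SAMPLE)` flags the first two links and passes the third; the second link shows why the check compares whole hostnames rather than looking for "linkedin.com" somewhere in the address.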

And a point about the content of the email – when an actual connection, David, sent me a message, it looked like something he really thought I would want to know. It wasn’t some vague reference or “make money fast” sort of message. I could recognize his name – because I know him.

But these virus / infection messages have a couple things going for them:

  1. They have the colors and format correct
  2. They use “View/reply to this message” – just like LinkedIn does
  3. They include a comment at the bottom to adjust your message settings (which also takes the reader to the virus infection page…)

So it is at least partially understandable how someone may end up clicking on these sorts of links.

Protect yourself

A few things you can do to protect yourself:

  • Get an anti-virus / anti-spyware package. It’s just too difficult to operate in today’s networked world without some sort of protection. I don’t really care which one, but have one installed.
  • Use good tools. I’m not sure I know which tools aren’t good, but consider a browser other than IE. When I wanted to “safely” check out the web page that the links sent me to, my Opera browser said “You really don’t want to go to that page, it will infect your PC. Please reconsider.” (Not those words, but that’s what I heard – and so I decided I really didn’t need to “see” that it was a virus infection page;-)
  • When in doubt, go to LinkedIn directly and check your inbox. Every LinkedIn communication – be it a message, InMail, or invitation to connect – will be located within your LinkedIn inbox. You can log in to LinkedIn and see them all directly. You don’t ever have to click on a link within an email. (This advice probably works for any membership site – go to its communication page.)

But most importantly:

Connect to people you know and trust.

Why? Because when you connect to actual people, you have a clue that someone is really using the LinkedIn communication mechanisms to get a hold of you. Your good friend Mary just might be trying to reach you; some random person is not a connection, and so they aren’t likely using LinkedIn to reach you.

Someone wanting to meet you through LinkedIn could reach you with an InMail or an Introduction – and that would look different.

How things have changed – and stayed the same

Long-time readers may remember the post from October of 2010 – here’s a handy link to it just so you can compare the quality of the fake LinkedIn email messages. Better effort from the criminals, but still annoying.

And now you know – and knowing is half the battle;-)

To your continued success,


Steven Tylock