Spam in fake LinkedIn messages

January 19, 2012 2 Comments

MX Lab, http://www.mxlab.eu, has noticed a large spam campaign on behalf of the Canadian Family Pharmacy in fake LinkedIn messages.

The messages come the spoofed email address <member@linkedin.com> with the authors like:

Fenella  Macdonald via LinkedIn <member@linkedin.com>
Catriona  Bailey via LinkedIn <member@linkedin.com>
Susan  Jones via LinkedIn <member@linkedin.com>
....

Subjects in use:

Can i place your photo on my site?
Can i place your photo on our facebook page?
Can i place your information on our web page?
Can i place your video on our web site?
Can i place your video on my facebook page?
Can i place your contacts on our twitter page?
…..

Example of the email:

The URL in the message point to different web hosts and pages with an redirect HTML:

<html><head><title>Buy Viagra Online – Online Pharmacy</title><style type=”text/css”> a { font-size: 24pt; } </style><script type=”text/javascript”>var a = “hxxp://viagralevitratestosterone.com”;window.location = a;</script></head><body><center><h1>#1 Online Pharmacy</h1><br>Online DrugStore<br><a href=”hxxp://viagralevitratestosterone.com”>Buy Viagra Online</a></center></body></html>

In return, the redirect points to hxxp://viagralevitratestosterone.com.

Filed under Spam Tagged with , ,

2 Responses to Spam in fake LinkedIn messages

  1. John W says:
    January 21, 2012 at 12:55 pm

    They are also spoofing YouTube addresses. Received one today. Not sure if it’s the same destination as it’s an IP address starting with http://195.64. and then ending with 254.21 followed by /~webmaster and finally /grabbers.html

    It’s plaintext except for the YouTube logo.

    Email headers:

    From: YouTube Service
    Subject: Walker sent you a message: Hi.
    Date: 21 January 2012

    Body:

    [YouTube logo] help center | e-mail options | report spam
    Walker has sent you a message:

    Hi.
    To:[my email address]

    Can i place your photo on our web page ?
    You can reply to this message by visiting your inbox.

    © 2012 YouTube, LLC
    901 Cherry Ave, San Bruno, CA 94066

    Reply
  2. John M says:
    January 22, 2012 at 6:11 pm

    Since receiving a genuine invitation from a cousin a couple of weeks ago to join LinkedIn, I have been receiving every day about 10 scam emails of this kind from (supposedly) LinkedIn, FaceBook, Twitter, YouTube.
    I did not reply to the original invitation, so it was obviously posted somewhere on my cousin’s page at LinkedIn. I also never joined any of these social network sites, so it is clear where the info for the scammers came from.
    The scammers also use additional titles, that you should stop scamming them (lol), which may provoke some people to reply … or get to the Viagra site.
    I’m glad I never joined any of these hellish social networks :) .

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 109 other followers