Spam in fake LinkedIn messages

MX Lab,, has noticed a large spam campaign on behalf of the Canadian Family Pharmacy in fake LinkedIn messages.

The messages come the spoofed email address <> with the authors like:

Fenella  Macdonald via LinkedIn <>
Catriona  Bailey via LinkedIn <>
Susan  Jones via LinkedIn <>

Subjects in use:

Can i place your photo on my site?
Can i place your photo on our facebook page?
Can i place your information on our web page?
Can i place your video on our web site?
Can i place your video on my facebook page?
Can i place your contacts on our twitter page?

Example of the email:

The URL in the message point to different web hosts and pages with an redirect HTML:

<html><head><title>Buy Viagra Online – Online Pharmacy</title><style type=”text/css”> a { font-size: 24pt; } </style><script type=”text/javascript”>var a = “hxxp://”;window.location = a;</script></head><body><center><h1>#1 Online Pharmacy</h1><br>Online DrugStore<br><a href=”hxxp://”>Buy Viagra Online</a></center></body></html>

In return, the redirect points to hxxp://

2 thoughts on “Spam in fake LinkedIn messages

  1. They are also spoofing YouTube addresses. Received one today. Not sure if it’s the same destination as it’s an IP address starting with http://195.64. and then ending with 254.21 followed by /~webmaster and finally /grabbers.html

    It’s plaintext except for the YouTube logo.

    Email headers:

    From: YouTube Service
    Subject: Walker sent you a message: Hi.
    Date: 21 January 2012


    [YouTube logo] help center | e-mail options | report spam
    Walker has sent you a message:

    To:[my email address]

    Can i place your photo on our web page ?
    You can reply to this message by visiting your inbox.

    © 2012 YouTube, LLC
    901 Cherry Ave, San Bruno, CA 94066

  2. Since receiving a genuine invitation from a cousin a couple of weeks ago to join LinkedIn, I have been receiving every day about 10 scam emails of this kind from (supposedly) LinkedIn, FaceBook, Twitter, YouTube.
    I did not reply to the original invitation, so it was obviously posted somewhere on my cousin’s page at LinkedIn. I also never joined any of these social network sites, so it is clear where the info for the scammers came from.
    The scammers also use additional titles, that you should stop scamming them (lol), which may provoke some people to reply … or get to the Viagra site.
    I’m glad I never joined any of these hellish social networks :).

Comments are closed.