LinkedIn struck by 419 scammers in bid to steal from business workers

May 22, 2008 Sophos Press Release

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned workers of the dangers of connecting with people they don't know via the business networking website LinkedIn. Sophos's warning comes following the discovery that advanced fee fraud scammers are using the site to try to find potential victims.

Advanced fee fraud, also known as 419 scams after the relevant section of the Nigerian penal code, are a common sight in many computer users' email inboxes. Typically they claim to offer a small fortune in the form of a lottery win or inheritance, in exchange for an individual's banking details or payment of a "handling charge".

Scammers obstructed by corporate anti-spam defenses at the email gateway have now turned to sites like LinkedIn to try to lay traps for unwary business workers.

419 scam on LinkedIn
Spammers are trying to lure workers into financial scams via LinkedIn connection requests.

Earlier this week, a 419 scam was sent via the LinkedIn website claiming to come from a 22-year-old woman living in the Ivory Coast who has been passed $6.5 million by her deceased father.

Part of the message reads:

Before the death of my father on the 12th December 2007,in a private hospital here in Abidjan,he called me secretly to his bed side and told me that he kept a sum of $6.500 000 (six million five hundred thousand United States Dollars) in a bank in Abidjan Cote D'ivoire. He used my name as the next of kin in deposit of the fund.He also explained to me that it was because of this money he was poisoned by his business partner and that i should seek for foreign partner in a country of my choice where i would transfer this money and use it for investment purpose.

The message goes on to request bank account information and implore the recipient and potential victim to reply to a Yahoo! email address within seven days.

"419 scammers may be hoping that the typical professional on LinkedIn may have more disposable income than the archetypal MySpace or Facebook user, and is potentially a bigger catch. Furthermore, whereas many are used to receiving dangerous spam in their email inbox, they may be less careful when it comes to their Web 2.0 account," said Graham Cluley, senior technology consultant at Sophos. "Web 2.0 sites like LinkedIn and Facebook give strangers the ability to contact you, without the defensive umbrella of your corporate anti-spam filter. Computer users should be on their guard about any unsolicited email as it could be from a cyber con-man."

Sophos experts recommend that LinkedIn users who wish to reduce the chances of receiving spam change their communications settings on the site.

"LinkedIn provides the ability to prevent people from sending you an invitation to connect unless they know your email address or appear in your 'other contacts' list," explained Cluley. "That should cut out a lot of the junk mail arriving at your LinkedIn account. Other options can reduce the amount of spam you receive at LinkedIn even further."

Other examples of 419 email scams seen in the past include a message claiming to come from a US Sergeant serving in Baghdad, the grandson of the late General Pinochet, Christian workers offering a puppy being offered for adoption, and even an African astronaut stranded on the Mir spacestation.

"It seems likely that scammers will continue to innovate and use imaginative tricks to separate the unwary from their money for many years to come," continued Cluley. "If more people kept in mind the old adage of 'there is no such thing as a free lunch', and employed a little skepticism, then maybe the bad guys would find the pool of potential victims beginning to dry up."