Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have warned
workers of the dangers of connecting with people they don't know
via the business networking website LinkedIn. Sophos's warning
comes following the discovery that advance fee fraud scammers are
using the site to try to find potential victims.
Advance fee fraud messages, also known as 419 scams after the relevant
section of the Nigerian penal code, are a common sight in many
computer users' email inboxes. Typically they claim to offer a
small fortune in the form of a lottery win or inheritance, in
exchange for an individual's banking details or payment of a
Scammers obstructed by corporate anti-spam defenses at the email
gateway have now turned to sites like LinkedIn to try to lay traps
for unwary business workers.
Spammers are trying to lure workers into
financial scams via LinkedIn connection requests.
Earlier this week, a 419 scam was sent via the LinkedIn website
claiming to come from a 22-year-old woman living in the Ivory Coast
who has been passed $6.5 million by her deceased father.
Part of the message reads:
Before the death of my father on the 12th
December 2007,in a private hospital here in Abidjan,he called me
secretly to his bed side and told me that he kept a sum of $6.500
000 (six million five hundred thousand United States Dollars) in a
bank in Abidjan Cote D'ivoire. He used my name as the next of kin
in deposit of the fund.He also explained to me that it was because
of this money he was poisoned by his business partner and that i
should seek for foreign partner in a country of my choice where i
would transfer this money and use it for investment
The message goes on to request bank account information and
implore the recipient and potential victim to reply to a Yahoo!
email address within seven days.
"419 scammers may be hoping that the typical professional on
LinkedIn may have more disposable income than the archetypal
MySpace or Facebook user, and is potentially a bigger catch.
Furthermore, whereas many are used to receiving dangerous spam in
their email inbox, they may be less careful when it comes to their
Web 2.0 account," said Graham Cluley, senior
technology consultant at Sophos. "Web 2.0 sites like LinkedIn and
Facebook give strangers the ability to contact you, without the
defensive umbrella of your corporate anti-spam filter. Computer
users should be on their guard about any unsolicited email as it
could be from a cyber con-man."
Sophos experts recommend that LinkedIn users who wish to reduce
the chances of receiving spam change their communications settings
on the site.
"LinkedIn provides the ability to prevent people from sending
you an invitation to connect unless they know your email address or
appear in your 'other contacts' list," explained Cluley. "That
should cut out a lot of the junk mail arriving at your LinkedIn
account. Other options can reduce the amount of spam you receive at
LinkedIn even further."
Other examples of 419 email scams seen in the past include a
message claiming to come from a US Sergeant
serving in Baghdad, the grandson of the
late General Pinochet, Christian workers offering a puppy
for adoption, and even an African astronaut stranded on
the Mir space station.
"It seems likely that scammers will continue to innovate and use
imaginative tricks to separate the unwary from their money for many
years to come," continued Cluley. "If more people kept in mind the
old adage of 'there is no such thing as a free lunch', and employed
a little skepticism, then maybe the bad guys would find the pool of
potential victims beginning to dry up."