Thursday, October 7, 2010

Use LinkedIn for Networking? Don't Get Duped by Spam Scam

CISCO reported that almost 25% of the world's spam on Monday for about 15 minutes came from infected related emails targeted at LinkedIn users.

The emails look legitimate and shows a linked in request.  If you click on the link, you wait for a few seconds and then Google launches.  Behind the scenes though, Zeus has been dropped onto your computer in what is called a "drive by download".

Zeus is the malware that typically focuses on stealing your online banking credentials from you.

If you use a mobile phone and think this does not apply to you, think again.  If they can infect your computer and your phone, they could reroute calls and text alerts so you will not know until it's too late.

The experts believe that this attack is most likely targeted at employees that have access to financial systems, including online commercial bank accounts.

Sample screen of the spam scam email from the Cisco Blog:

LinkedIn Spam

TIPS TO PROTECT YOURSELF:
1.  Educate - People are the first line of defense.
2.  Think Before You Click - Whenever you get reminder emails from social networking sites, I ignore the link and go directly to the site.  Most sites have an easy way to get to your pending messages.
3.  Computer Changes - If your computer starts to act sluggish or freezing up, you may be infected by Zeus or another malware; refer to a computer professional to clean your computer.

Sources:
"LinkedIn Attack Spreads Zeus Financial Malware", Mathew J. Schwartz, InformationWeek,  September 29, 2010.


"LinkedIn and ZeuS", Adam Ross, Nextgov.com, October 1, 2010.

"LinkedIn Zeus spam run targets prospective business marks", John Leyden, The Register, October 5, 2010.

CISCO Blog Report at http://blogs.cisco.com/security/cisco_security_tracks_linkedin_spam_attack/ 

No comments:

Post a Comment