LinkedIn Leveraged to Lend New Life to Old Scam
LinkedIn is having trouble alerting members affected by the recent password theft.
Scammers are using LinkedIn to give their garden-variety cons an added air of legitimacy as they attempt to part gullible Internet users from their cash.
The scam has the sucker pay a large fee upfront, with the promise that he'll obtain a much larger sum of money later. Formerly called the Spanish Prisoner con, it's a method scammers have been using for centuries and which most recently became famous as the often amusing "Nigerian prince" or "419" email ruse.
Instead of via email, this latest version of the scam appears as a LinkedIn message from a Malaysian bank manager named Aziz Mohammad, reported Bitdefender's HotforSecurity blog.
"I am writing this particular message to you to ascertain whether you could be able to handle this matter effectively in your area or any place of your choice," the stiff-sounding, ungrammatical come-on reads. "Be inform that I wish to enter into business relationship with you which must be under your complete control and management."
The scammer then provides an email contact address — but it's a Yahoo address, not one from the bank Aziz Mohammed claims to work for.
Although the business opportunity is fake, the LinkedIn profile that it's sent from is based on a real LinkedIn page owned by a real Aziz Mohammad who really does work for Standard Chartered Bank in Malaysia. (LinkedIn has taken down the fake profile.)
Scammers took many of the real Aziz Mohammed's details to create dummy LinkedIn and Facebook accounts. On Facebook, however, the fake Aziz Mohammad uses as his avatar a press photo of former U.S. Secretary of State Colin Powell.
Many Internet users are accustomed to filtering out scams and junk mail in their normal email inboxes. On a professional networking site like LinkedIn, people might not be as guarded.
But, as is the case anywhere on the Internet, a LinkedIn contact isn't necessarily what it seems to be.
As Bitdefender's Bogdan Botezatu points out, LinkedIn does not verify that individuals are who they say or work where they claim to. Unless you know the individual personally, any claims made on LinkedIn have to be taken on faith. Users are advised to take all communications from strangers with a grain of salt.
If a seemingly legitimate opportunity does come your way, call the person contacting you, or meet him face to face. Don't wire money through services such as MoneyGram or Western Union; use a check or a credit card, which are much more secure and partially insured.
To protect themselves, Internet users in general should be wary of any requests or business repositions from strangers, especially if they involve transferring large sums of money and sound too good to be true.