Bogus LinkedIn Invitations Lead to Malware
LinkedIn is having trouble alerting members affected by the recent password theft.
Convincing, but fake, "invitations to connect" from prominent businesses and industry groups are targeting LinkedIn users who hope to make their professional network more robust.
Like a real LinkedIn invitation, the email prompts the user with the familiar "accept" and "ignore" buttons. But upon clicking one, the user will be redirected to a site preloaded with malware that's ready to jump in and infect victims' computers.
This scam is just the latest effort to infect computers with the Blackhole exploit kit. Blackhole, possibly the most prevalent current threat to Web users, exploits security holes in browsers in order to infect visiting computers, which can then be enslaved into botnets or mined for personal or financial information.
The easiest way to protect against phishing attacks like this one is to verify where the link really leads by hovering your mouse cursor over the link until the URL appears. Even if a message appears to come from a company or individual you trust, verifying links can save money and hours of headaches.
Follow Ben on Twitter @benkwx.