Aug 13, 2010 18:33 GMT

Security researchers from Web and email security vendor Websense are warning about a new wave of fake LinkedIn and Facebook emails riddled with malicious links.

The LinkedIn rogue emails masquerade as invitations to join another user's network and come with the usual subject of "Join my network of LinkedIn".

"Frankie Melvin has indicated you are a Colleague at Interbrand," one message given as example by the Websense researchers reads.

The email follows the regular LinkedIn network invitation template, but all of the links contained within have been replaced with malicious ones.

This means the destination for the Accept button has been changed to direct to a malicious page, as well as all links normally allowing the recipient to view the sender's profile or open the invitation folder on LinkedIn.

Meanwhile, the rogue emails appearing to originate from Facebook pose as notifications of unread messages waiting in the user's account.

"You haven't been back to Facebook recently. You have received notifications while you were gone," the messages allegedly signed by "The Facebook Team" read.

As with the fake LinkedIn invitations, the links included in these Facebook emails, like the ones to sign in or read the messages, lead to malicious websites.

The practice of hijacking and misusing the email templates used by popular services to send official notifications is not a new one; however, the prevalence of this kind of spam seems to have increased in recent months.

This suggests that attacks employing this technique have a significant rate of success, or at least high enough for spammers to keep spending their resources on them.

In recent weeks we reported on similar emails with poisoned links which masqueraded as messages from YouSendIt, Gmail, ImageShack, My Opera, ShopNBC and Twitter.

Users should be vigilant at all times and check where every link received via email leads, regardless of whether the messages appear to originate from trusted sources.
