Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

LinkedIn users warned over 419 scam

Known anyone called Natasha Kone?

Article comments

Users of the professional-oriented social networking site LinkedIn are being warned that scam artists are using the site to nab lucrative bank account information from naive victims, say security experts.

Advanced fee fraud - also known as "419 scams" after the relevant section of the Nigerian penal code - have become well-known to most e-mail users. The fraudster poses as a foreigner that has lucked into millions, but needs help to keep their money secure (one fraudster even pretended to bean African astronaut aboard the International Space Station).

As soon as someone is naïve enough to share their bank account information, they find that money is withdrawn from their account - not deposited, as promised.

Stymied by corporate email filters and buoyed by the trust that users are giving social networking sites, scammers are trying their old tricks in new channels, according to Graham Cluley, senior technology consultant at Abingdon, UK-based security vendor Sophos PLC.

"Now they're trying their scam with a network used by business people," he says. "By using this mechanism, the criminals know they're talking to people who aren't 13-year-olds, but people with money in their pockets."

Cluley shares one example of the phishing attack that he received on LinkedIn. A user named Natasha Kone claims to be a 22-year-old woman from the Ivory Coast. Her message goes through the usual scam-artist routine of describing the $6.5 million inheritance left to her by a deceased father, and why she's looking for a foreign partner to help secure the money.

It's a ploy most people would dismiss out of hand.

"The problem is that common sense isn't very common," Cluely says. Sophos knows of many examples of normally astute individuals suckered in by nicely formatted e-mails, and some have lost dollar sums in the millions.

Social networking sites are now the top phishing target,according to the most recent Internet Security Threat Report from Symantec. The sites are the source of the most phishing attacks in the top three countries where phishing occurs - the US, China and Romania.

Overall, phishing messages went up by five per cent in the second half of 2007. There was a total of 207,547 unique messages identified - that's 1,134 different messages for each day.

Scammers are enjoying the trust that social networking users tend to give to the Web sites. Users feel a false sense of security due to being connected to a network of their peers.

"Promiscuous users are accepting friend and network requests from people they don't even know," says David Senf, director of research for Canadian security at Toronto-based IDC Canada. "The trouble is that no one wants to be rude."

But workers should be more stringent about who they add to their friends list, experts say. There's no guarantee that the person you're adding isn't an Internet impersonator. Once a scammer is on your friend's list, you've given them an open route to repeated attempts at nabbing your sensitive information.

One simple measure LinkedIn users can take is to only accept invitations from people who at least know your e-mail address, Cluley says. It's an option that can be simply turned on.

"It's just an extra little bit of effort that most criminals will not take," he says. "They can't just willy-nilly spam everyone on LinkedIn."

LinkedIn's user conduct agreement states that misrepresenting your identity on the network is a breach. So is the use of invitations to send messages to people you don't know.

ITBusiness.ca requested an interview with a LinkedIn spokesperson, but there was no response at the time of publication.

But companies can't be rest-assured that LinkedIn will delete the accounts of all the bad guys out there, says Jim Lippard, director of information security at Florham Park, N.J.-based IP network provider Global Crossing. There should be a policy in place to address how employees use social networks.

"Advise employees not to put the company's proprietary information onto their profiles," he says. "Just be aware the information can be read by anyone."

Even users who consider themselves careful about who they add as friends have to be careful, Lippard adds. Social networks are made more unsafe for everyone by those who accept every connection put forward to them.

Staff recruiters at large corporations often have large friend lists, for example. The presidential candidates in the US election also have profiles and will accept anyone as a friend to build their popularity showcase, the security expert says.

"They're operating their profiles like a MySpace bands page," Lippard says. "Once you have an indiscriminate group of people doing this, that means there are more unsecure links closer to all users."

For now, one fraudster's identity has been removed from LinkedIn. Natasha Kone has been deleted from the social network's database. But there's no telling how much damage the scammer has already done.

"I'm sure the only person who really knows that is the one lurking behind the identity of Natasha Kone," Cluley says.


Share:

More from Techworld

More relevant IT news

Comments

Sheesh said: i hate stupid scams

bill said: Rajesh Satyarthi who is also on Linkedin and several other sites promoting himself as a freelance designer is a scam artist He will accept the job take the deposit and run BE CAREFUL HE IS A THIEF




Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *