Over on the post “‘Spear phisher’ proves why you should be skeptical of LinkedIn updates > Social Networking > Vulnerabilities & Exploits > News > SC Magazine Australia/NZ” contains this text:
“Spear phisher’ proves why you should be skeptical of LinkedIn updates
Bugat trojan delivered in LinkedIn spam By SC Staff Apr 15, 2011 9:52 AM Tags: linkedin | spear | phish Trusteer experiment found half of social networkers would go to a landing page if asked. A recent spear phishing experiment led to half of a targeted audience reaching a specifically designed landing page in 48 hours.
Trusteer admitted that it picked 100 LinkedIn users, created a new identity and sent a fake job alert.
It said: ‘Since LinkedIn sends an alert when one of your connections has a new job, we decided to use this update method to create a fraudulent email. For each one of our targets we crafted a fictitious new job alert. We chose one of their LinkedIn connections and announced that this person was now working for a company that directly competes with our victim’s company.
‘We included a big button ‘View [friend’s name] new Title’ and we also included the friend’s photo. Clicking on the button redirects the victim to a different website, not LinkedIn. The website we used was innocuous, but it was a place holder for a potentially malicious website that places malware on the victim’s computer.’”
