A sharp-eyed colleague of mine was following his daily routine of checking his e-mail and social media updates when he came across a curious e-mail from LinkedIn. LinkedIn was requesting confirmation of his e-mail address long after he had been a contributing member of the social network. To the casual onlooker, this would appear to be a legitimate request from the social network.
There are two clues to watch for when dealing with potential spam.
1) The e-mail address. Many spammers will use misspelling of the domain in question to lure the reader into a false sense of security. This is an old spammer trick.
2) The web address that appears when hovering over the link. In this case, it was leading to a pharmacy site with a .ru extension.
To be honest, it almost fooled me and here is why.
The verbiage is completely identical. The good news is that you’ll either be drug to a pharmacy site (pun intended) where there is no threat if you close the site. OR, you’ll be treated to a ‘failure to submit’ request by LinkedIn.
Either way, whether it’s email or social media, malware writers have many avenues from which to choose. They can prey upon the ubiquity of email or the trusted nature of social media. At the end of the day, no matter what the channel, users have to be on the lookout and mind their clicks.