Every day there are emails landing in my junk folder that are phishing emails. With the most recent attacks on the computer networks of Merck, the Ukraine government and thousands of other companies, it’s become increasingly important to be vigilant about what comes into our computers and how we handle them.
Just this past week, I received an email that appeared to be from LinkedIn and it wasn’t. It was a phishing email that, if I wasn’t paying attention, might have caused me a lot of heartache. Here’s what it looked like.
So, how did I know it wasn’t legit? LinkedIn has a whole section in their help center with details on how to tell if emails are really coming from them. Between their info and my experience, here’s how I figured it out:
Obvious Signs it Isn’t Legit
- LinkedIn emails give you the option to open in a web browser. This one doesn’t have that.
- The actual from email address doesn’t mention LinkedIn.com at all. Usually they come from email@example.com or firstname.lastname@example.org or something similar.
- This one makes you think it’s urgent. Generally, LinkedIn does not send “act now or else” messages. Anytime you get one, you should beware!
- The salutation started with Dear User. LinkedIn always personalizes their messages to include your first name (as it shows on your profile).
- I am automatically suspicious of any unsolicited request to confirm my email address or any other personal information. And in this case, they want to “update your LinkedIn”. Sorry, I’m the only one who updates my LinkedIn.
- The link they want me to click is not to LinkedIn.com. (Red flag, warning, red flag!)
- My emails from LinkedIn usually have the distinctive blue background. This one is a plain email.
Not So Obvious Signs
- There is no LinkedIn logo anywhere in this note. Usually it’s at the top and the bottom of an email sent by LinkedIn. (Note some spammers will include the logo but it won’t be the right color.)
- There is a full link to a click on that looks like it’s from LinkedIn, but LinkedIn always uses hyperlinks.
What You May Not Know
- Almost all emails from LinkedIn use a security footer that is specific just to your account. In that security footer, LinkedIn includes your headline, exactly as you have it on LinkedIn at that moment in time. Immediately after that it says “Learn why we include this” and it’s linked to their help center. They also include links for changing your LinkedIn email settings. You’ll also notice they include their address. (Note, I’ve seen phishing emails that don’t include your header information and have the address wrong.)
- LinkedIn will send emails to your primary account. This is not the main email I use for LinkedIn. This is was a huge red flag.
Advice from LinkedIn
LinkedIn’s Help Center says: “While the presence of this security footer message alone does not guarantee that an email is legitimate, it gives you additional assurance that the email originated from LinkedIn. Most “phishing” attacks targeting large mailing lists will not have this information. When in doubt, open a new browser window and go directly to LinkedIn.com to check your Inbox and verify the connection request or message.”
If you think you have received phishing emails impersonating LinkedIn, they ask that you forward the whole email to email@example.com.
This email surprised me a little bit. Typically, there are grammar or spelling errors that are also signs of phishing or spam. This one was fairly well written. The pretense was sketchy to me though.
I strong recommend that you never open links from emails, even when you’re pretty sure they are safe. The spammer, scammer, icky-guys as I call them, are getting smarter all the time. Not only do they install malware to mess up your computer but now they are installing ransom-ware on your computer that demands a payment of usually $ 300 in bitcoin currency. Expensive and messy.
Be careful out there!
Photo credit: Wikepedia Commons