There are always password stealing scams that everyone encounters. I see them all the time. The most recent slew of social engineering scams that I have encountered over the past few days are related to folks trying to steal my password for Twitter and LinkedIn since these are very popular social networking tools.
Please STOP and READ these types of emails closely. If there is ever any doubt, go directly to the company’s website and contact them directly. I know most of us “geek” types already know this, but please pass this along to your friends who may not be as on top of things.
Here’s the email I received that was supposedly from LinkedIn. I did remove a few characters from the links to ensure they are not fully valid and don’t link back to me. If you take a minute to actually look at the email, you will see that the characters don’t even spell LinkedIn. The character that looks like the capital “I” is really a lower case “L”. That is the case for every instance of the name LinkedIn.
Click here <http://newrxmedical.com> to confirm your email address.
If the above link does not work, you can paste the following address into your browser:
You will be asked to log into your account to confirm this email address. Be sure to log in with your current primary email address.
We ask you to confirm your email address before sending invitations or requesting contacts at Linkedln. You can have several email addresses, but one will need to be confirmed at all times to use the system.
If you have more than one email address, you can choose one to be your primary email address. This is the address you will log in with, and the address to which we will deliver all email messages regarding invitations and requests, and other system mail.
Thank you for using Linkedln!
--The Linkedln Team http://www.linkedln.com/
© 2012, Linkedln Corporation
Following is the fake email I received from “Twitter”. The web site isn’t even correct since it is using two “v”s in place of the “w”.
Please confirm your Twitter account by clicking this link: https://tvvitter.com/account/confirm_email/harold.wong/A1D93-55B36-662769 <http://wichimedicine.com/>
Once you confirm, you will have full access to Twitter and all future notifications will be sent to this email address.
The Twitter Team
If you received this message in error and did not sign up for a Twitter account, click not my account <https://tvvitter.com/account/confirm_email/harold.wong/76164-754D2-47221> .
Please do not reply to this message; it was sent from an unmonitored email address. This message is a service email related to your use of Twitter. For general inquiries or to request support with your Twitter account, please visit us at Twitter Support <https://support.tvvitter.com/> .
Thanks for sharing
Two "v"s instead of a "w". Not surprised. They closely resemble each other. Same type of "off" URLs. People don't notice them.
Original password Reset message from LinkedIn does not have any links. They just asked to go to website as usual and then reset the password.