Fake LinkedIn Requests: How to Spot Them

Last Updated Aug 16, 2010 10:27 AM EDT

A couple months ago I showed you the anatomy of a phishing e-mail. The sample I used was a pretty obvious fake, one that most users (I hope) would spot right away.

This one, however, almost got me:

As you can see, it's a dead ringer for a real LinkedIn invitation, the kind I receive every few days. And I almost clicked it, but a couple telltale signs raised flags:

  • I don't know anyone named Alana Mcpherson.
  • I've never heard of Interbrand.
  • This request was one of five, all of which arrived within minutes of each other, all from names I didn't recognize, and all from Interbrand.
And, sure enough, when I moused over the embedded LinkedIn link, the URL that popped up was some weird .info address.

If I'd clicked one of the links, I might have fallen victim to a "drive-by" malware infection (which can occur just by visiting a particular Web page). Or I might have been asked to supply some personal info (which I never would, of course, but that's only because I know better).

The moral of the story, as always: look before you leap, and think before you click.

  • Rick Broida On Twitter»

    Rick Broida, a technology writer for more than 20 years, is the author of more than a dozen books. In addition to writing CNET's The Cheapskate blog, he contributes to CNET's iPhone Atlas.