The other day I was browsing to my LinkedIn account and instead of typing “linkedin.com”, I unwittingly typed in “llinkedin.com”. Notice the difference? I sure didn’t, and once I had hit enter, I was instantly redirected to this page:
Looks legitimate enough right? That’s what I thought and I figured LinkedIn might have hired this 3rd party company to perform surveys for them. Most of us don’t normally care for surveys, but this one was only 4 questions and promised “exclusive offers” at the end. The “available today only” is also a nice touch to motivate the user to submit a survey (people who legitimately do surveys, take note!).
Since I just woke up and haven’t had my morning coffee, I blindly went ahead and filled out the survey. Finally at the end, here was the dead giveaway that this was fake:
The giveaway was that someone was willing to give away 2 laptops or a TV just for taking 3 minutes of your time to answer 4 simple questions? That’s where I drew the line and instantly knew this was fake and just a phishing scam.
Another dead giveaway was when I came back to this site and used incognito mode (effectively turning of my plugins), the first page had an audio loop congratulating me. In this case, my spam blockers actually made it more difficult to spot a fake site!
I’ve always considered myself tech savvy enough to catch these types of sites before I actually do interact with them. Luckily in this case I haven’t entered in any personal information. Probably clicking the “Select Prize” button would take me to a page where I enter in all billing and shipping information. So I lessons learned:
Pay attention to what you typed in the address bar. New browsers are trying to hide the address bar to give the user more space to view the website. I think this is a major security flaw and will be a boom for phishers to take advantage of unknowing victims.
Always pay attention to the site you are on. If the site looks suspicious, double check your address bar and your history to see you typed the right link. If this domain name is not the original name you typed in, close the browser and delete your cookies!
Watch out for 3rd party URL’s. Websites that use 3rd party services to host pages on a separate domain should take note that they are at fault for causing this. How do we, as public users, know whether you are using a 3rd party or not?
If something is too good to be true, it is! Free lunch, especially a coveted $1,500 laptop, is very rare or at least takes some significant effort to achieve!
LinkedIn Phising Website
Posted by eric in Commentary on June 5, 2011
The other day I was browsing to my LinkedIn account and instead of typing “linkedin.com”, I unwittingly typed in “llinkedin.com”. Notice the difference? I sure didn’t, and once I had hit enter, I was instantly redirected to this page:
Looks legitimate enough right? That’s what I thought and I figured LinkedIn might have hired this 3rd party company to perform surveys for them. Most of us don’t normally care for surveys, but this one was only 4 questions and promised “exclusive offers” at the end. The “available today only” is also a nice touch to motivate the user to submit a survey (people who legitimately do surveys, take note!).
Since I just woke up and haven’t had my morning coffee, I blindly went ahead and filled out the survey. Finally at the end, here was the dead giveaway that this was fake:
The giveaway was that someone was willing to give away 2 laptops or a TV just for taking 3 minutes of your time to answer 4 simple questions? That’s where I drew the line and instantly knew this was fake and just a phishing scam.
Another dead giveaway was when I came back to this site and used incognito mode (effectively turning of my plugins), the first page had an audio loop congratulating me. In this case, my spam blockers actually made it more difficult to spot a fake site!
I’ve always considered myself tech savvy enough to catch these types of sites before I actually do interact with them. Luckily in this case I haven’t entered in any personal information. Probably clicking the “Select Prize” button would take me to a page where I enter in all billing and shipping information. So I lessons learned:
phising, security
No Comments