
Five Strikes, and You're a Phish!
Phishers generally deliver the new scam to a target's LinkedIn inbox in the form of an email. Here's what the email says:

Subject line: LinkedIn is requesting files from you
From: "LinkedIn Messages" < [email protected] >
Date: 4 November 2016

Hi [name],

Thank you for being our valued customer. Your account has been selected by our verification office as a precautionary measure to defend you.

Upload a viewable, scanned copy of the payment method account holder’s government-issued photo identification, such as a driver’s license or passport.

Upon receipt and verification, we will notate your account that the necessary documentation to substantiate your account has been received. We thank you in advance for your cooperation and apologize for any inconvenience this may cause.

The image must be a color scan that shows your photo and required data clearly.

https: //www.dropbox[.]com/request[/]4o80dqbZ0Wf4[sanitized]

This link will expire in 24 hours, so be sure to use it right away.

Thank you for using LinkedIn!
The LinkedIn Team

"Upon verification, we found that http : [//]fnotify.com/ is an empty WordPress website that belongs to a Finnish citizen, which was most likely compromised to be used in this phishing campaign."

Second, the message claims LinkedIn's team wants to verify the target's account "as a precautionary measure to defend [them]." Fine, but against what? Any legitimate company would go into more detail about the reasons why they're taking this step. At the very least, they would identify the threat to which they're responding.

Another red flag is the fact that the message mentions a "payment method." Unless you have a LinkedIn Premium account, you have no reason to give your payment details to LinkedIn. And you should never give your account credentials to ANYONE via email, no matter who they purport to be.

The fourth red flag is the fact that LinkedIn directs you to a Dropbox page where you can upload your documents. If this message actually originated from LinkedIn, the message would come with a unique service designed and hosted by the social networking site. It would not link to a free page provided by third-party software.
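The checks described above can be expressed as a small mail-triage filter. This is an added example, not code from the original article, and it covers the payment-method and third-party upload flags plus a sender-domain check. It assumes linkedin.com is the brand's mail domain and that dropbox.com is the only file host of interest; both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for this sketch, not an exhaustive policy.
BRAND = "linkedin"
BRAND_DOMAINS = {"linkedin.com"}
FILE_HOSTS = {"dropbox.com"}

def _under(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def red_flags(raw):
    """Return the red flags found in one raw, single-part text message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    flags = []
    # Display name claims the brand, but the address is on another domain.
    # Suffix matching keeps "linkedin.com.sender.example" from passing.
    if BRAND in name.lower() and not _under(addr.rpartition("@")[2], BRAND_DOMAINS):
        flags.append("sender-domain-mismatch")
    # Request tied to a payment method.
    if "payment method" in body.lower():
        flags.append("payment-details-requested")
    # Upload link hosted by a third-party file service, not by the brand.
    hosts = [urlparse(u).hostname for u in re.findall(r"https?://[^\s<>\"]+", body)]
    if any(_under(h, FILE_HOSTS) for h in hosts):
        flags.append("third-party-upload-link")
    return flags

# Constructed sample modelled on the scam email quoted above.
PHISH = """\
From: "LinkedIn Messages" <notice@sender.example>
Subject: LinkedIn is requesting files from you

Upload a viewable, scanned copy of the payment method account holder's
government-issued photo identification.
https://www.dropbox.com/request/CONSTRUCTED-ID
"""

# Constructed benign message for comparison.
BENIGN = """\
From: "LinkedIn Messages" <messages@linkedin.com>
Subject: You have a new message

View it at https://www.linkedin.com/messaging/
"""

if __name__ == "__main__":
    print(red_flags(PHISH))
    print(red_flags(BENIGN))
```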
