Thank you for your information!

09. March 2014 Security 0

Today while browsing LinkedIn I saw “One of your connections has commented on this:” with an ad of some sort below it. It read “Looking to get more connections? Add email below!”. I thought to myself ‘sure, like I’m that stupid’ and then I noticed over 20400 people had commented. I thought to myself ‘no way’. So I clicked on the ad and there it was, a big, huge, enormous, never-ending list of email addresses. Hotmail, Gmail, Yahoo, ISP, company, personal domain and more, all there just begging to be copied by someone. This someone may sell it, spam it or use it for a juicy phishing attack. After all, LinkedIn is almost guaranteed to be successful for spammers and scammers.

So why do tens of thousands of people post their email address to a public listing? LinkedIn connections are as addictive as ‘Likes’ on Facebook; most people will connect with just about anyone just to boast a huge number of connections. Of course there are also those who are looking for work or have other legitimate reasons.

If I was a scammer what would I take away from this? It’s simple: LinkedIn members want connections, bad. So a phishing email is carefully crafted and sent out to all the email addresses on that list pretending to be a follow-up or asking to ‘confirm’ they want their address on the list. Maybe ask for some personal details to ‘complete the profile others will see when clicking on your address’ or a simple “Hi I found you through that giant list blabla, would you like to connect?”, just to name a few things. These people have already demonstrated they really want those connections, so most will more than likely click whatever links are in the phishing email and even provide some additional info when asked. After all, the people will remember adding their email address to that list, the email is from the same company, addresses them by name and they mentioned they would be sending confirmation emails. They even said certain people would get a bonus. The start of a great and potentially profitable relationship between those folks and the scammer.

There were a few people pointing out that listing your email address like this is generally not a good idea, but their comments were quickly buried under a wave of more email addresses.

If you absolutely must give out your email address like this, educate yourself on phishing techniques and remember where you left your address lying around. This way you’ll know what kind of email you can expect to see in the future. Preferably before leaving your email address, or any personal information, do some research into the company or person asking for the info. Your email address is valuable information to a lot of people and companies out there; combined with your full name and information from your online profiles, this can and likely will make you a target down the road.

