CYBER CRIMINALS AVOID CORPORATE SPAM FILTERS BY SENDING MESSAGES
VIA WEB 2.0 BUSINESS NETWORKING SITE
Experts at SophosLabs, Sophos's global network of virus,
spyware and spam analysis centres, have warned workers
of the dangers of connecting with people they don't
know via the business networking website LinkedIn. Sophos's
warning comes following the discovery that advanced
fee fraud scammers are using the site to try and find
potential victims.
Advanced fee fraud scams, also known as 419 scams after the relevant
section of the Nigerian penal code, are a common sight
in many computer users' email inboxes. Typically they
claim to offer a small fortune in the form of a lottery
win or inheritance, in exchange
for an individual's banking details or payment of a
“handling charge”.
Scammers
obstructed by corporate anti-spam defenses at the email
gateway have now turned to sites like LinkedIn to try
and lay traps for unwary business workers.
Earlier this year, a 419 scam was sent via the LinkedIn
website claiming to come from a 22-year-old woman living
in the Ivory Coast who has been passed US$6.5 million
by her deceased father.
Spammers are trying to lure workers into financial scams
via LinkedIn connection requests.
Part
of the message reads:
Before
the death of my father on the 12th December 2007,
in a private hospital here in Abidjan, he called
me secretly to his bed side and told me that he
kept a sum of $6.500 000 (six million five hundred
thousand United States Dollars) in a bank in Abidjan
Cote D'ivoire. He used my name as the next of
kin in deposit of the fund. He also explained
to me that it was because of this money he was
poisoned by his business partner and that i should
seek for foreign partner in a country of my choice
where i would transfer this money and use it for
investment purpose.
The message goes on to request bank account information and
implores the recipient and potential victim to reply
to a Yahoo! email address within seven days.
“419 scammers may be hoping that the typical professional
on LinkedIn may have more disposable income than the archetypal
MySpace or Facebook user, and is potentially a bigger
catch. Furthermore, whereas many are used to receiving
dangerous spam in their inbox,” said Graham
Cluley, senior technology consultant at Sophos.
“Web 2.0 sites like LinkedIn and Facebook give
strangers the ability to contact you, without the defensive
umbrella of your corporate anti-spam filter. Computer
users should be on their guard about any unsolicited
email as it could be from a cyber con-man.”
Sophos
experts recommend that LinkedIn users who wish to reduce
the chances of receiving spam change their communications
settings on the site.
“LinkedIn
provides the ability to prevent people from sending
you an invitation to connect unless they know your email
address or appear in your 'other contacts' list,”
explained Cluley. “That should cut out
a lot of the junk mail arriving at your LinkedIn account.
Other options can reduce the amount of spam you receive
at LinkedIn even further.”
Other examples of 419 email scams seen in the past include
messages claiming to come from a US Sergeant serving
in Baghdad, the grandson of the late General Pinochet,
Christian workers offering a puppy for
adoption, and even an African astronaut stranded on
the Mir space station.
“It seems likely that scammers will continue to innovate
and use imaginative tricks to separate the unwary from their
money for many years to come,” continued
Cluley. “If more people kept in mind the old
adage of 'there is no such thing as a free lunch', and
deployed a little skepticism, then maybe the bad guys
would find the pool of potential victims beginning to
dry up.”
About Sophos
Sophos enables enterprises all over the world
to secure and control their IT infrastructure.
Sophos's network access control, endpoint, web
and email solutions simplify security to provide
integrated defenses against malware, spyware,
intrusions, unwanted applications, spam, policy
abuse, data leakage and compliance drift. With
over 20 years of experience, Sophos protects
over 100 million users in nearly 150 countries
with its reliably engineered security solutions
and services. More information is available
at www.sophos.com
Notes:
Sophos makes available free, constantly updated
information about the latest malware and security
news via a series of RSS feeds.
Free
anti-virus protection is also available for
journalists. For further information, please
contact: TonyTan (molly.ng@sophos.com)