Analysis by: Chloe Ordonia

Trend Micro received a sample message that poses as a legitimate LinkedIn notification. Recipients may be fooled as the email looks legitimate and the visible links in the message body looks similar to those used by LinkedIn. However, this message uses URL cloaking. When clicked, the said link leads the recipient to a malicious site. We have seen other variants of this message but with different links that lead to different malicious sites, such as fake pharmaceutical Web pages.


Distributing fake email notification of popular Web sites is one of the oldest tricks in a spammer's book. Trend Micro recommends that users be observant and double check the legitimacy of such email messages. Never click on the links provided in these messages. Once verified as fake, delete these from the inbox.

 SPAM BLOCKING DATE / TIME: November 25, 2011 GMT-8
 TMASE INFO
  • ENGINE:6.8
  • PATTERN:8542