Someone's trying to hack...

[The Captain]

My LinkedIn account. 

Can't for the life of my figure out why.  I'm getting multiple notifications from them about an attempt and a security pin.

Tempe, AZ and St. Petersburg - Russia.



I'm kinda afraid to log in.  I just want to delete the damn account anyway.  More trouble than it's worth.

[ArchietheDragon]

But how else will the world know that Joe Blough endorsed your tax skills?

[Opti]

Are you sure these notifications are from LinkedIn? Sounds like email from hackers hoping for help to break in? I don't understand the mind of scammers. I got email about my breached Facebook account long before I ever got even had an account.

[The Captain]

pffth!  

At this point in my career I really don't care who endorses my skills.  My current position and the fact that I've held it for 4 years does that well enough.

I hate the marketers who use it to try to contact me to sell me services.  They always seem to call at the worst possible times as well.

[The Captain]

Sept 2, 2015 11:33:38 GMT -5 Opti said:

Are you sure these notifications are from LinkedIn? Sounds like email from hackers hoping for help to break in? I don't understand the mind of scammers. I got email about my breached Facebook account long before I ever got even had an account.

Since there is no hotlink for me to (stupidly) click on and just directions about using a special pin the next time I long in (again - no link provided) it doesn't seem to fit any phishing scam I know of...

[Opti]

How do marketers use LinkedIn to call you?   Not sure if you can have phone numbers on LinkedIn, but if you can, perhaps you should remove yours.

[Opti]

Sept 2, 2015 11:36:19 GMT -5 The Captain said:

Sept 2, 2015 11:33:38 GMT -5 Opti said:

Are you sure these notifications are from LinkedIn? Sounds like email from hackers hoping for help to break in? I don't understand the mind of scammers. I got email about my breached Facebook account long before I ever got even had an account.

Since there is no hotlink for me to (stupidly) click on and just directions about using a special pin the next time I long in (again - no link provided) it doesn't seem to fit any phishing scam I know of...

Still sounds not legit. Are you willing to post the text of what you got without the PIN and whatever else may be unique?

[The Captain]

Sept 2, 2015 11:37:34 GMT -5 Opti said:

How do marketers use LinkedIn to call you?   Not sure if you can have phone numbers on LinkedIn, but if you can, perhaps you should remove yours.

My name, title, and the company I currently work for is in my profile.  Someone who wants to sell me (really the company I work for) a service (such as real estate tax appeals) can easily look up the main number and ask for me by name.  The switchboard then has no reason not to pass the call through.

Yes there are other ways to get this information, but I noticed an uptick in these type of cold calls immediately after I created the account.

[The Captain]

LinkedIn 


   


Hi XXXXX, 


We noticed someone just tried to sign in to your LinkedIn account from a location you haven't used before, so we want to make sure it's really you. 

If you did try to sign in:
Please use this verification code to complete your sign in: 785259 

If you didn't try to sign in, be sure to change your password by clicking the link below.  (Note - I missed this before but it is a HTTPS link with the linkedin header)
 
Thanks for helping us keep your account secure.
The LinkedIn Team 

When and where this happened: 
Date: September 2, 2015, 6:20 AM 
Browser: Chrome 
Operating System: Windows 
IP Address: 66.85.164.53 
Approximate Location: Tempe, Arizona, United States 

Didn't do this? Be sure to change your password right away. 
 
The change your password link didn't come across and sorry, not clicking on it (I can hover over it and see the full link, though)
 


This email was intended for My real name (my real title). Learn why we included this.
If you need assistance or have questions, please contact LinkedIn Customer Service.

[wyouser]

I think we need to hire Vito and Big Al an send em to St Petersburg with a B I G axe to make them a "hacking Offer" they can't refuse! I detest all those who hack!!

[Opti]

I think LinkedIn's policy is still not to email about this stuff. I have no idea how easy to is to come up with a secure HTTP link that is bogus.

I'd ignore it, or log in as normal possibly from a public computer. All that info makes it sound less legit to me. Its weird, and very strange that any legit provider would actually have & give you that information. Hover over the sending email address, usually they try to sound legit but fail.

[Opti]

Sept 2, 2015 11:59:47 GMT -5 wyouser said:

I think we need to hire Vito and Big Al an send em to St Petersburg with a B I G axe to make them a "hacking Offer" they can't refuse! I detest all those who hack!!

I think the locations and emails are bogus. Not positive, but sounds too weird to be legit to me.

[The Captain]

Opti - I'm tending to agree with you.  Still, I'd like to know if it's possible to hack a legit domain name with an https...

Also kinda quesy about them knowing my name, title and company I work for if it really is a hack, then it's a very targeted one.

[Opti]

Did not find anything useful, but someone posted there are scam accounts in the financial sector. Might be why yours is desired by scammers and mine is not.

[mmhmm]

If it were me, I'd go directly to LinkedIn and log into my account myself, without using any link. Then, if you don't want the account anymore, just delete it. If you've logged in yourself, you won't get pulled into a phishing scheme by clicking on the link in the email.

[dannylion]

If it is an attempt to access your account, it probably isn't just you. They're probably going after lots of people until they get one who responds. If they don't get a response, they'll probably stop trying after a while.

[Deleted]

My aunt has this happen on FB with 2 women with the same name as her. They all used their name as their email address with just minor differences like putting a period between the first name and last name. She gets emails intended for them and notifications of failed attempts to open her FB.

[The Captain]

laterbloomer - I appreciate the thought.  My name is kind of unique, though.  I google myself from time to time to check how much of an internet presence I have, and have never found a doppelganger.

From the sounds of it I think I'll just delete the account.

[ArchietheDragon]

From Linked in website:


help.linkedin.com/app/answers/detail/a_id/4788


Security Footer Message in LinkedIn Emails
Why is my full name and professional headline included in messages from LinkedIn?
Last Reviewed: 09/18/2013
In our messages to you, we include a security footer message with your name and professional headline to help you distinguish authentic LinkedIn emails from "phishing" email messages. "Phishing" emails often look very similar to legitimate ones, but they likely wouldn't have this personalized information and may also contain links that direct you to malicious sites instead of LinkedIn.

By default, your professional headline in the security footer message consists of your current position and the company listed on your LinkedIn Profile. You may customize this professional headline at any time. Currently, only certain emails from LinkedIn contain a security footer message, but expect to see it in all emails in the coming months.

While the presence of this security footer message alone does not guarantee that an email is legitimate, it gives you additional assurance that the email originated from LinkedIn. Most "phishing" attacks targeting large mailing lists will not have this information. When in doubt, open a new browser window and go directly to LinkedIn.com to check your Inbox and verify the connection request or message. If you suspect that you’ve received a "phishing" email impersonating LinkedIn, please forward the entire email to safety@linkedin.com.

Learn more about phishing in our Safety Center.

[The Captain]

Well shit.  I just got a call from one of my vendors thanking me for accepting his invitation.

Except I didn't do it.



Now I'll have to delete the account for sure and deal with all the calls from folks to whom I'm linked in.

[Opti]

Crap. The Captain did you log into LinkedIn days ago?

I have had my Yahoo account hacked into, however, I discovered it under 24 hours, so I logged in and changed the password. Until you posted, I had no idea spammer/scammers were messing with accounts on LinkedIn in the financial sector.

[The Captain]

Nope, haven't logged in for a month or so.