Message purporting to be from business orientated social network claims that a user has invited the recipient to connect on the network.
© Depositphotos.com/ Lorelyn Medina
The message closely resembles a genuine invite email. However, the links in the message do not go to . Instead, they open a dodgy "Canadian Pharmacy" website that attempts to peddle drugs to unwary visitors.
Subject: Invitation to connect on LinkedIn
[Name Removed] wants to connect with you on LinkedIn.
According to this message, which purports to be from business social network LinkedIn, a user wants to connect with the recipient on the network. The message is very similar in appearance and wording to a genuine LinkedIn invite email.
However, the "Accept" button and secondary links in the message do not open the LinkedIn website as expected. Instead, they lead to an incarnation of the notorious Canadian Pharmacy website hosted in Russia. The dodgy website peddles all kinds of pharmaceutical products without asking for prescriptions.
By disguising their spam message as something completely unrelated to pharmaceutical products, the spammers hope that the message will slip past spam filters and trick at least a few users into clicking the link. Once on the site, most users would likely make a hasty retreat. But a few will apparently stay to buy some of the site's dodgy products. The fact that this tactic has been used multiple times in similar spam campaigns suggests that it actually works.
Of course, it is very foolish and potentially dangerous to buy any medicines from such bogus pharmacy sites. While customers may actually receive a product they order, they have no way of knowing if it is really the medication they were seeking. And the quality of the product may be highly questionable. More importantly, because a doctor has not prescribed the medicine, it may interfere with other medications that customers are taking or be unsuitable due to other health conditions.
Moreover, such sites often do not use secure pages to process credit card transactions, which could put the customer's credit card details at risk. And, any organization willing to use underhand and deceptive spam campaigns to attract customers certainly should never be trusted with credit card details or other personal information.