Identify Phishing, Scams, Spam, and Malware
With all the email that's sent today, it's a good idea to educate yourself on how to tell the difference between legitimate messages and potentially harmful ones.
Phishing is the practice of emailing likely members of a website (for example, social networks, banks, or games) with the goal of directing them to a legitimate-looking but fraudulent website to obtain usernames, passwords, financial information, and other sensitive data.
LinkedIn has joined the DMARC organization with other industry leaders like Facebook, Google, and PayPal, with the goal of fighting phishing and spam. In accordance with DMARC standards, LinkedIn digitally signs all emails we send. This allows participating email providers to identify our legitimate emails and throw away the phishing and/or spam emails. While most major email providers such as Google, Yahoo!, Microsoft, and AOL adhere to DMARC standards, a number of providers haven't implemented it.
We also work with many industry partners to identify websites and email campaigns that engage in phishing or spamming, so that we can remove them from the Internet. Sometimes we're able to do this within an hour of the email crossing our radar. These combined efforts should decrease the chances of you receiving a fraudulent LinkedIn phishing or spam email.
It can be very alarming when you realize you've been the victim of a possible scam. While we do our best to prevent fraudulent messages from reaching you, scammers can be clever, making it impossible to stop everything. This is why it's important to educate yourself on scams. The more you know, the harder it will be for you to fall for one.
Scams are a form of fraud, usually committed through email. Scammers like to impersonate legitimate people or companies in an effort to steal your money, and in some cases, your identity.
While scams can vary greatly, be watchful for these common schemes:
- Advanced fee fraud scams - These scams will try to trick you into paying a small fee in order to receive a large sum of money, or a percentage of a large sum of money. Other types of advanced fee fraud scams aim to steal your banking details in order to transfer money out of a country.
- Job scams - These scams originate from fraudsters pretending to be recruiters or employers offering employment opportunities that pay a lot of money for little work. Common job scams include mystery shoppers, work from home, and personal assistant scams.
- Dating and romance scams - These scams come from fraudsters who claim they've viewed your profile photo, are attracted to you, or want to get to know you better. If people engage with these fraudsters, a request for money will usually follow.
In addition to these scams, the Internet Crime Complaint Center (IC3) is a great resource that lists different types of scams you could encounter.
If you've been a victim of a scam, report it to your local law enforcement. If you've encountered a scam on LinkedIn, learn how to report the message to us.
Spam differs slightly from phishing. Spam includes unsolicited marketing emails, typically sent in bulk from a company you haven't done business with, with the intention of advertising goods or services. You may see spam on LinkedIn via one of our communication channels, such as member-to-member messaging, group discussions, or network update feeds.
Inappropriate behavior can range from an unwanted message to calculated spam campaigns. Regardless of the extent, LinkedIn is a professional networking site and we expect members to keep all content professional.
Learn how to report spam messages.
Malware can be the result of phishing or spam campaigns. Malicious software, or "malware", refers to a variety of software designed to harm your computer. This can include disrupting your computer's normal operations (making it run slower or causing abrupt pop-ups), or stealing your personal information. Viruses are a type malware that aim to spread from computer to computer with the intention of exploiting or deleting your computer's data.
We recommend investing in antivirus software, which helps protect your online information in an unsecure Internet environment. Antivirus software is designed to detect potential online threats and as prevent them from infecting your computer. By protecting your computer, you're also protecting other people's computers since malware often spreads through email.
The following are steps we take to protect you from malware:
- We scan uploaded files for malware and viruses. If we identify an infected file or image, we prevent the download from occurring and keep it from infecting your computer.
- We include your full first and last name, as well as your current professional headline, in the footer of all our messages to help you identify legitimate LinkedIn communications. Discard any messages claiming to be from LinkedIn but don't have our security footer.
- Our messages will never ask you to download software or provide sensitive information such as a password or a Social Security Number.
Here are some steps you can take to protect your computer:
- Be careful when opening and replying to email messages. Malware spreads most commonly via email attachments. If you receive an email with an attachment (especially if you don't know the sender), don't open it.
- Choose effective antivirus software and keep it up to date. The updates to your antivirus software are important because they aim to keep up with ever-evolving viruses attempting to infiltrate your online information.
- Make sure you're using the most current version of your Internet browser and that you're updating it when prompted.
Protect yourself from fraudulent messages
Whether it's a phishing email, a scam message, or junk mail, here are some tips to remember when reading and responding to your emails:
- Don't share your personal information, such as government issued ID numbers, birthdate, credit card or bank account numbers, to people you don't know.
- Don't enter usernames, passwords, or other personal information by clicking on links from emails. It's best to go to the website directly by typing it into your browser.
- When applying for jobs online, be wary of recruiters who ask you to send information to an email address that isn't associated with the company. The email domain should contain the actual company name, such as @linkedin.com.
- Use caution when clicking on links contained within messages. Malware can infiltrate your system if you click on a bad link. If you're suspicious, move your cursor over any link (without clicking on it) to verify that it's directing you to the real website.
- For LinkedIn messages specifically, make sure they contain our security footer.
Bottom line, if you are suspicious of the message, delete it!
Warning signs of fraudulent messages
The following is a list of common themes found in fraudulent messages:
- Offers that seem too good to be true. When in doubt, independently confirm the person, company, and request.
- Messages containing bad spelling or grammar.
- Messages that aren't addressed to you personally.
- Messages asking you to act immediately.
- Messages asking you to provide personal information in order to claim prizes or other goods.
- Messages offering free gifts in exchange for completing a survey or another minor task requiring you provide your personal information or pay a small fee.
- Messages detailing investment opportunities or money transfers that require you to share personal information or banking details upfront.
- Messages claiming that there is unclaimed money or assets of some kind in your name, and asking for a small fee upfront in order to receive it.
- Messages asking you to open an attachment to install a software update.
What to do if you've opened an attachment or provided personal information through a fraudulent message
- Some fraudulent messages have attachments that contain malware or lead to virus-infected websites. If you think you've opened or clicked something harmful, we recommend scanning your computer using a current version of an antivirus software.
- If you've entered your username and password on a fraudulent phishing site, change your password as soon as possible. If your financial information was compromised, contact your financial institution right away, and place fraud alerts on your credit reports. Also, keep a close eye on your account activities to spot any unauthorized charges.
- Learn more about reporting phishing or scam messages to us.