Sometimes if an email looks too real to be true, it probably is. This is certainly the case with some spam messages recently that go to great lengths to accurately replicate a message that might seem just plausible enough to warrant a click. From there we can have our systems attacked with various malware-spreading sites, or be duped into giving up our login credentials for a web service. While I've come very close to actually doing this, I've never fallen prey to a spam message as there is always a tell that lets us know we're not seeing the real deal.
Take this email I received today as an example:
It certainly looks legit, but there are five fatal flaws with this message.
- If the message is from LinkedIn, why does it say "Diana Jiminez" next to the email address?
- Why is the proper LinkedIn logo not being used? Every LinkedIn email contains that company's image assets.
- Who is Nicholas Luna? I don't recognize this name.
- My co-worker? At which company? Again, I don't recognize this name.
One might argue that the 2010 copyright is also dubious, but there are a number of companies that fail to update this information for various reasons1.
However, throwing caution to the wind I went to LinkedIn by typing the address manually and checking for any outstanding invitations. The result?
Yeah, that's what I thought.