“Ms. Sarah Chen Sent You a Message” LinkedIn Phishing Scam

Email purporting to be from LinkedIn claims that a person named Sarah Chen is interested in your products and would like to make an urgent order. It features a “Read More” link that you can supposedly click to get further information.

Brief Analysis:
The email is not from LinkedIn or from any person interested in buying your products. It is a phishing scam designed to steal your LinkedIn account login details as well as your email account password.

Subject: Ms. Sarah Chen sent you a new message.

Hello [Email address] ,Nice to meet you, how is everything, hope all is well with you. My name is Ms. Sarah Chen interested in your product. i checked your products on LinkedIn. I will like make an urgent order and shipment direct to our agent in Saudi Arabia. I will like order Full H… Read More

LinkedIn Corporation.


Detailed Analysis:
According to this email, which purports to be from the business-focused social network LinkedIn, a certain Ms. Sarah Chen is interested in purchasing your products and would like to make an urgent order. The message is cut off in the middle of a sentence, but includes a “Read More” link that you can supposedly click to get further details about the proposed order.

If you are a business operator, you might think the message is a genuine opportunity to make a sale and therefore click the link. However, the message is not from LinkedIn or any legitimate customer, and the “Read More” link does not go to an order request.

The name Sarah Chen is no doubt just one that has been made up by the criminals. The name, along with a photograph supposedly depicting Ms. Chen, has been featured in several different LinkedIn scam messages. In fact, the photograph depicts a US university computer science professor. The image, which I have omitted from the above example, was apparently stolen from the professor’s university profile page for use in the scam emails.

If you do click the link, you will be taken to a fraudulent website that has been designed to look like the genuine LinkedIn sign-in page. If you then enter your LinkedIn account email address and password, you will be taken to a second fake webpage that asks for your name, email address, and email password. After you enter the requested details, a popup message will claim that the full order details from Ms. Chen will be sent to you shortly.

But, alas, online criminals can now collect the information you supplied on the fake site and use it to hijack both your LinkedIn account and your email account. They can then use the hijacked accounts to launch further scam and spam campaigns in your name. They can also harvest the accounts for more of your personal information.

It is always safest to log in to LinkedIn – and your other online accounts – by entering the address into your browser’s address bar or via a trusted app.

Phishing scams targeting LinkedIn users are quite common. The LinkedIn website includes information about recognising and reporting such phishing scam messages.

Last updated: October 13, 2016
First published: October 13, 2016
By Brett M. Christensen