September 27, 2010, 5:26 PM — I feel like a complete idiot. I just got taken by a LinkedIn spam that may have just stolen my banking password.
This is not the first time I've been an idiot or clicked on something I shouldn't. But this one could be really bad for me.
Today, spammers using fake LinkedIn invitations attacked the Net in a massive way. How massive? According to Cisco Security, at one point today nearly 1 in 4 spam messages was a fake LinkedIn invite.
LinkedIn spam is nothing new -- I wrote about it just last month -- but this attack was particularly nasty, because it can embed password-stealing malware into your browser without you realizing it.
My story: I saw several LinkedIn invites in my Gmail spam folder, and stupidly opened one of them inside Google Chrome. I even saw that the links inside the email were not to LinkedIn but to some oddly named third-party site. But curious about what would happen (and stupidly confident that my Kaspersky anti-malware software would protect me), I clicked it. My browser started to launch a new site, then quickly redirected to my home page.
Weird, I thought. I tried it again. Same thing happened. I figured that whatever site it was driving me toward had already been taken down by one of the anti-malware orgs like StopBadware.com, and thought nothing more about it.
A couple of hours later I logged into my banking site to check on my account. No big deal.
An hour after that I received the following email from Cisco Security:
Starting this morning, Monday 9/26, at 10am GMT, cyber criminals sent spam email messages targeting the LinkedIn social media community.