Watch out - that LinkedIn email could be a fake, laden with malware

News
By
published

Someone is spoofing LinkedIn's InMail notification emails

linkedin
(Image credit: Shutterstock / Ink Drop)
  • Security researchers find phishing emails spoofing LinkedIn notifications
  • The emails are distributing the ConnectWise Remote Access Trojan
  • There are multiple red flags, including fake companies, fake images, and more

Cybercriminals are spoofing LinkedIn notification emails to deliver the ConnectWise Remote Access Trojan (RAT) malware, experts have warned.

A new report from cybersecurity researchers Cofense Intelligence notes the phishing campaign likely started in May 2024 with an email mimicking a notification LinkedIn would send to a person when they receive an InMail message. The business platform does not allow people who are not connected to exchange messages, unless the sender is a Premium (paying) member. Then, they can use a service called InMail to reach out to people with whom they are not connected.

Receiving such a message would trigger an email notification from LinkedIn, which is what the attackers are spoofing here.

Bypassing email filters

There are multiple red flags in the email. First, the template used has been phased out by LinkedIn almost five years ago. Then, the supposed project manager/sales director sending the message does not exist, and the attached photo is labeled “executive16.png”. The profile picture used in the email belongs to the President of the Korean Society of Civil Engineering Law, a person called Cho So-young.

Finally, the company for whom the sender allegedly works is called “DONGJIN Weidmüller Korea Ind” and it, too, does not exist.

The email comes with one of two buttons: “Read More” and “Reply To”. Both trigger the download of ConnectWise, a remote administration tool that was originally part of ConnectWise ScreenConnect, a legitimate remote desktop software used for IT support and management. However, cybercriminals have hijacked it and abuse it as a Remote Access Trojan (RAT) to gain unauthorized control over systems.

The email made it past security filters primarily because of how email authentication settings were configured on the recipient's system, the researchers added.

Even though the email failed SPF (Sender Policy Framework) and wasn't signed with DKIM (DomainKeys Identified Mail), it still wasn't outright rejected by the system. This happened because the email security policy, specifically DMARC (Domain-based Message Authentication, Reporting, and Conformance), was set to "oreject" instead of fully rejecting suspicious emails.

This setting likely allowed the email to be marked as spam but still land in the recipient’s inbox.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
Hacker silhouette working on a laptop with North Korean flag on the background
North Korean hackers are targeting LinkedIn jobseekers with new malware - here's how to stay safe
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Beware, that Social Security email could be hiding dangerous malware
Russian flag on a laptop
Hackers are using Russian domains to launch complex document-based phishing attacks
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft authentication system spoofed via phishing attack
Hacker Typing
This devious two-step phishing campaign uses Microsoft tools to bypass email security
unblock facebook with vpn
A new Facebook phishing campaign looks to trick you with emails sent from Salesforce
Latest in Security
China
Chinese hackers who targeted key US infrastructure charged by Justice Department
linkedin
Watch out - that LinkedIn email could be a fake, laden with malware
An American flag flying outside the US Capitol building against a blue sky
Mass federal layoffs will have “devastating impact on cybersecurity, former NSA cybersecurity director warns
A hand reaching out to touch a futuristic rendering of an AI processor.
North Korean fake job hackers are going the extra mile to make sure their scams seem legit
A hand reaching out to touch a futuristic rendering of an AI processor.
Google Cloud unveils new AI Protection security tools, no matter which model you use
A TV remote pointing at YouTube logo
YouTube warns of phishing video using its CEO as bait
Latest in News
Stock photographs of people smiling and looking at laptops in a small business environment.
This web hosting platform elevates your online presence
The Samsung Galaxy S25 Edge on display at Galaxy Unpacked
Exclusive: the Samsung Galaxy S25 Edge will have durability to match its ‘sexy’ form
Metaphor: ReFantazio
Sega was Metacritic's highest-rated publisher of 2024 thanks to the critically acclaimed Metaphor: ReFantazio and Like a Dragon: Infinite Wealth
AirPods Pro Review
Apple has quietly updated its guidance on how to clean your AirPods, and suggests you buy a kit… from Belkin
China
Chinese hackers who targeted key US infrastructure charged by Justice Department
A screen shot of Lady Gaga in her interview with Zane Lowe for Apple Music
Lady Gaga’s Spotify press conference is being live streamed today – here’s where you can watch Spotify’s big step forward in fan inclusion
More about security
China

Chinese hackers who targeted key US infrastructure charged by Justice Department
A hand reaching out to touch a futuristic rendering of an AI processor.

North Korean fake job hackers are going the extra mile to make sure their scams seem legit
The Mound: Omen of Cthulhu

Ace Team announces The Mound: Omen of Cthulhu, a new first-person horror co-op coming to PS5, Xbox Series X, and PC this year
See more latest
Most Popular
The Mound: Omen of Cthulhu
Ace Team announces The Mound: Omen of Cthulhu, a new first-person horror co-op coming to PS5, Xbox Series X, and PC this year
Styx: Blades of Greed
Styx the goblin returns in Styx: Blades of Greed later this year
Robocop: Rogue City
RoboCop: Rogue City's new standalone expansion Unfinished Business announced at Nacon Connect 2025
Cthulhu: The Cosmic Abyss
Cthulhu: The Cosmic Abyss is a new first-person thriller from the studio behind Vampire: The Masquerade - Swansong
RISC-V
Startup formed by former Intel engineers and backed by AMD legendary chip designer wants to become the Arm of RISC-V
The Samsung Galaxy S25 Edge on display at Galaxy Unpacked
Exclusive: the Samsung Galaxy S25 Edge will have durability to match its ‘sexy’ form
Stock photographs of people smiling and looking at laptops in a small business environment.
This web hosting platform elevates your online presence
Three photos of the Dyson Supersonic r hair dryer
Dyson just released a consumer version of its best pro hair dryer, and I can't wait to get my hands on one
Metaphor: ReFantazio
Sega was Metacritic's highest-rated publisher of 2024 thanks to the critically acclaimed Metaphor: ReFantazio and Like a Dragon: Infinite Wealth
AirPods Pro Review
Apple has quietly updated its guidance on how to clean your AirPods, and suggests you buy a kit… from Belkin