Hi! As a well-connected individual (with well over a thousand connections on LinkedIn) who receives invitations to connect on a daily basis, I wasn’t surprised to learn that Websense Security Labs researchers found that the most successful headline for a phishing campaign is “Invitation to connect on LinkedIn”.
This subject line is so popular (which it must be, according to its success rates) because, unlike emails received from banks and credit card companies, social media messages (especially those from LinkedIn, which is a respectable network of professionals) are not perceived as a source of threatening content.
So you receive a legitimate-looking LinkedIn invitation email, something like the email below:
All the obvious signs (funky-looking email address, funky name, broken English) are absent. Until today, one would simply click the “View Profile” link or “Accept” button. Now we know that these are potentially phishing messages and we need to take better precautions. So what can we do to identify if this is a legitimate request? Simply hover with the mouse over the “View Profile” link or “Accept” button to see the actual link address. If the address does not point to http://www.linkedin.com, then you should not click it.
Another method for identifying if this is indeed a scam is to open your LinkedIn account from your browser (or phone app) and check your Inbox for invitations. If the same message does not appear there, it must surely be a scam. Once you have established that this is spam, you can mark it as spam in Outlook.