Fake invitations to connect on LinkedIn have become the most popular way for online fraudsters to try to ensnare their victims.
Such phishing emails are becoming harder to detect, with scammers increasingly targeting their messages to make them more plausible. As a result, promises of African fortunes are becoming rarer, and other lures are being used instead.
Security firm WebSense recently carried out an analysis of the top five subject lines in phishing emails during the first nine months of last year. They were surprisingly plausible:
1. Invitation to connect on LinkedIn
2. Mail delivery failed: returning message to sender
3. Dear <insert bank name here> Customer
4. Comunicazione importante
5. Undelivered Mail Returned to Sender
"Today's phishing campaigns are lower in volume but much more targeted. Cybercriminals aren't simply throwing millions of emails over the fence," says the company's Elisabeth Olsen. "They are instead targeting their attack strategies with sophisticated techniques and integrating social engineering tactics."
This means, she says, using social networks to gather information about potential victims to make sure their approach is as plausible as possible.
Key to the success of both the LinkedIn invitation and the undelivered mail messages is that they appear so very ordinary - making it far more likely that victims will click a link within the email without giving it too much thought. Doing so, though, can potentially allow criminals to place malware on the victims' computers, monitoring activity and stealing financial log-in information.
Protecting yourself, says Gary Davis, VP of global consumer marketing for security firm McAfee, is a question of taking a few simple precautions - including, of course, installing security software and keeping it up to date. He advises computer users never to open attachments or click on links sent by people they don't know. If you do visit a website via a link in an email and you're asked to supply any personal information - don't.
And, he says, be very cautious on social networks.
"Cybercriminals take advantage of our natural instinct to trust those we know well. By hacking someone's social media account and posting a link or sending a flurry of messages as that person, criminals know that they have a high likelihood of duping people into clicking on a link," he says.
"Even if sent through a friend, be cautious if things look suspicious, especially if the message contains only a link and no text."