I used to think those "You have a new endorsement" emails from LinkedIn were cute.
But then I realized that they're a bit hacky (you can change the URL to make them say whatever you want) and also a security threat. You probably shouldn't click on them.
An attack built on them just requires some scripting.
Part 1: The script starts linking to other people using a fake profile.
Part 2: Using available information, it determines the person's email address.
Part 3: Now connected to the person, it selects one of their connections and one of the things they've already been endorsed for.
Part 4: Using that information, it creates fake endorsement emails that link elsewhere. (It's a drive-by: when you hit the bogus site, your computer gets infected and it passes you on to LinkedIn, complete with the fake endorsement.)
Here's an example of a fake final destination. Of course, I wouldn't blame you if you didn't click it. (This one doesn't go through another server first and infect you.)
http://www.linkedin.com/profile/edit?showSuggestedEndorsements=true&esl=Thanks+for+visiting+my+blog&eslIsEncrypted=f&trk=eml-skills_endorsements-btn-0-existing_pills
The fake endorsement is not added to your list, of course.
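One way a mail filter or a cautious reader could check an endorsement link before following it, as an added example that is not part of the original post. The helper name inspect_endorsement_link is hypothetical, and the meaning of the esl and eslIsEncrypted parameters is inferred from the URL above.

```python
from urllib.parse import urlsplit, parse_qs

TRUSTED_DOMAIN = "linkedin.com"

def inspect_endorsement_link(url):
    """Return a list of reasons to distrust a link from an endorsement email."""
    findings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")

    # Part 4 depends on the first hop being some other site, so check the real
    # host. Matching on ".linkedin.com" rejects lookalikes such as
    # linkedin.com.example.net, which merely start with the trusted name.
    if host != TRUSTED_DOMAIN and not host.endswith("." + TRUSTED_DOMAIN):
        findings.append(f"host {host or '(none)'} is not {TRUSTED_DOMAIN}")
    if parts.scheme != "https":
        findings.append(f"scheme is {parts.scheme or '(none)'}, not https")

    # Assumption drawn from the post's example: esl carries the text shown on
    # the page, and eslIsEncrypted=f means it is plain text anyone can set.
    query = parse_qs(parts.query, keep_blank_values=True)
    if "esl" in query and query.get("eslIsEncrypted", [""])[0].lower() == "f":
        findings.append(f"sender-controlled text in URL: {query['esl'][0]!r}")
    return findings

# The URL from the post, followed by two constructed samples.
POST_URL = ("http://www.linkedin.com/profile/edit?showSuggestedEndorsements=true"
            "&esl=Thanks+for+visiting+my+blog&eslIsEncrypted=f"
            "&trk=eml-skills_endorsements-btn-0-existing_pills")
LOOKALIKE_URL = ("https://linkedin.com.example.net/profile/edit"
                 "?showSuggestedEndorsements=true")  # constructed
PLAIN_URL = "https://www.linkedin.com/feed/"  # constructed

if __name__ == "__main__":
    for sample in (POST_URL, LOOKALIKE_URL, PLAIN_URL):
        print(sample[:60], "->", inspect_endorsement_link(sample) or "no findings")
```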