Victims lured into scam with offer of sharing $27m.
Hackers are using LinkedIn to phish for people’s details in a setup similar to the Nigerian Prince scam, according to the security firm Malwarebytes.
Messages are said to be sent from a fake profile of former US Army general Carter Ham, asking victims to send their name and contact details in exchange for a share of $27m the attacker claims to have been paid.
Jovi Umawing, malware intelligence analyst at Malwarebytes, said: "We don’t know if the former general is indeed on the said social networking site (in case you’re wondering)."
A search on LinkedIn revealed several profiles for Ham, many of which were incomplete and none of which could be confirmed as legitimate.
"What we do know is that if you receive a message similar to the one above asking for personal information from you in exchange for a slice of the cash s/he wanted to move, it’s best to ignore the message and check with this contact if his/her account has been hacked or not," Umawing added.
In the guise of the general, the attacker claims to be in Syria on a peacekeeping mission but wishes to transfer money out of the country, offering to let the victim keep a quarter.
However, the email is riddled with spelling and punctuation mistakes, and the LinkedIn profile of the general has a biography copied from Wikipedia, a crowdsourced encyclopaedia.
The message reads: "I do apologize for contacting you in this means but due to security reason involve in this transaction i have run a private confidential search on your profile and i discover you are reliable truthful person who can help me."
Unlike the original Nigerian Prince scams, the attacker does not ask for money to be deposited in an account with promises that a larger sum will be paid back, but the stolen details might well be used to spread malware or as part of identity fraud.
LinkedIn has been contacted for comment.