Australia's Leading Computer Emergency Response Team

Are YOU LinkedIn?
Date: 10 October 2008
Original URL: http://www.auscert.org.au/render.html?cid=7066&it=9946

If you are LinkedIn (and of course I am talking about the social networking site www.linkedin.com) then you may have received one of the 10,000 spear phishing emails that were sent out over the last few weeks.

If you didn't receive one, count yourself lucky. (A good article can be found at the Washington Post.)

The idea behind the attack was to send someone’s "business contacts" to the wrong person, thereby sparking that person's interest in obtaining some good contacts. After all, who doesn’t get curious about the contacts other LinkedIn users have? As is pointed out in the Washington Post article, if the attack had used a real LinkedIn request with a false URL, it could have been more successful.

In this case there was an attachment (the "business contacts") that, when opened, attempted to steal passwords and other important information from the infected PC. This sort of malware is nothing new; however, the reasonably large-scale spear phish, coupled with a relatively new target, may have resulted in a better-than-average infection success rate. If you received one of these emails and opened the attachment, you may want to think about virus scanning or (if you are like me) re-installing!

Services like LinkedIn often have an "online inbox" for the messages they send. Checking this "online inbox" is a good way to tell whether a message is legitimate or not. If not, delete Delete DELETE!

Have a good weekend,
Richard