Wolf in sheep’s clothing: Spammers use fake LinkedIn and Reddit notifications to redirect you to adult-themed websites

Bitdefender Small Business

During the past week, spammers have been assaulting millions of user inboxes with phony LinkedIn and Reddit notification emails that redirect users to adult-themed websites and bogus dating and cryptocurrency trading platforms.

According to Bitdefender Antispam Lab researchers, the spam campaigns began on Feb. 4, with 36% of the spam originating from IP addresses in the US, 9% from Russia and 5% from Germany.

Although the distribution of the spam messages spans all continents, spammers have a clear focus on European countries, particularly Sweden (34%), Denmark (15%), Ireland (9%), Germany (9%), Finland, Austria and the UK (3% each). Only 10% of the spam messages reached users in the US.

What’s ‘love’ got to do with LinkedIn

The scam messages resemble official LinkedIn correspondence and abuse the platform’s name, logo and email template to lure unsuspecting users. However, close analysis reveals a suspicious embedded button and a questionable sender’s email address with no ties to the social media platform. If you hover over the button, you’ll immediately notice the red flags – the URL does not match a legitimate LinkedIn webpage.

These scammers are crafty, leveraging the reputation of well-known social platforms to advance questionable subjects and content. This can be a highly effective trick since most internet users avoid such webpages.

Users familiar with the employment-oriented platform know LinkedIn is not a dating website. So why are these spammers using its popularity to push adult-themed content in favor of traditional credential phishing or malicious emails?

The true intent behind the latest campaigns is hard to pinpoint. However, given the high volume of scam emails we’ve picked up in the last week, the perps are apparently trying to lure internet users to fake hook-up platforms – where anything can happen.

Think about it like this: you unintentionally end up on a dating or online hookup platform where an attractive woman catches your eye. You ask yourself: ‘what could possibly go wrong’ and decide to investigate.

This is what scammers want you to do. They pique your interest with lewd photos of women and lure you to fake dating platforms. Once there, you’re asked to create an account and provide personal information that can be used to target you in future phishing campaigns; or worse, the scammers steal your credit card info and make fraudulent charges in your name.

The Reddit version and crypto

Similarly, the spammers use social news website and forum Reddit to promote phony websites, including ones that claim to specialize in crypto investments, and ask you to sign up by providing a variety of personal information, including email and password.

However, the scammers also used fake Reddit notifications to direct recipients to a so-called adult version of TikTok to get unsuspecting users to sign up to various dating websites that show graphic content and nudity, pictures most likely stolen from other online platforms and websites.

The success of these spam campaigns relies entirely on recipients’ interaction with the bogus correspondence.

We advise users to always check the sender’s email address and hover over embedded links or buttons before clicking to ensure the link leads to a reputable and safe website.

You never know where your internet surfing habits can take you, whether it’s a phishing website that wants to grab your information or a malicious page that infects your device with malware.

If you’re wondering whether a website is trying to scam you, check out Bitdefender Total Security trial free of charge for up to 90 days. Our advanced anti-fraud and anti-phishing filtering systems warn you whenever you visit a fraudulent website to keep you out of danger. Additionally, with the latest Scam Alert feature in Bitdefender Mobile Security for Android, users are notified whenever they receive dangerous links via SMS or notifications.