My Computer Was Hacked: A Case Study
As a freelance writer concentrating on health and true-life stories, Melanie Hudson was never really into the corporate scene. So when a friend invited her to join LinkedIn, an online networking site for professionals who are largely in business, she had to think twice.
“I didn’t really see the point, as LinkedIn seemed more like a way for like-minded corporate people to network with one another,” says the 47-year-old from Sidcup in Kent. “But when I looked into the site, it only took a few minutes to set up and was free, so I went ahead.”
For about a year, Melanie rarely went on LinkedIn, which asks people to post a kind of virtual CV online, and invites colleagues to post recommendations. Her CV remained largely updated, and she managed to accrue only about 15 contacts.
“I really never thought about it, and even though I have over 200 Facebook friends I didn’t really care that I had so few LinkedIn contacts,” she says. “It seemed a bit too business-like for me, and to be honest I wasn’t that interested.”
Ignoring Requests
Inviting people on LinkedIn is similar to Facebook: you send an in-house email and all the recipient has to do is click to become a contact. If you don’t know the person, you can ignore the request, which is what Melanie did when she got an invitation from a man called “Bill”.
“He sent a short personal message about how we could play some game together once we were contacts, which I thought was odd. And as I didn’t recognise his name, I thought it was even odder,” says Melanie.
“I clicked in to look up his profile and make sure I didn’t know him, which I think was my mistake. Within a few days, all sorts of people I did know suddenly became my friends on LinkedIn. My contact book went up from about 15 people to over 150!”
Spamming People for Contacts
Melanie thinks that by clicking to see “Bill’s” profile, something was activated in her account. LinkedIn went through every email address she had and invited every single individual to become a contact. Some didn’t respond but some did, enough to bump up her contacts 15 times.
“It was ridiculous, as they even sent emails to Tesco Customer Service and Transport for London asking them to become my contacts, since I had sent them emails in the past,” Melanie laughs.
“The worst bit was that people I never see and people I don’t really like were suddenly becoming my virtual friends. And I had to scramble to update my online CV – I have a master’s degree but had only taken the time to write down my secondary school credentials! So I had to update everything.”
Why Her Computer Was Hacked
Melanie is still not sure why anyone would hack into her computer to spam her LinkedIn account. “I don’t think they wanted to update my LinkedIn account, I think it was more sinister than that,” she says.
“I think they wanted access to other information on my computer, which is why once I realised what happened I immediately changed my LinkedIn password, so they couldn’t do any more damage. Plus I have a lot of anti-virus protection on my computer, which would make it hard for anything to get through.”
Melanie could be right about the spammer's motives. A survey from Cisco claims that 25 per cent of all computer spam comes from infected LinkedIn emails. A fake request, such as the one Melanie got, is sent, and it then deposits Zeus malware, which is designed to steal bank details, onto your computer.
Clicking on bogus reminders to activate contact or friend requests can also install the Zeus malware, so when users get requests they should always go directly to the site's URL and respond there, instead of clicking a link in an email.
Keeping Malicious Malware at Bay
“My computer and all my banking details seem untouched – knock on wood – but I feel bad that my LinkedIn account may have inadvertently infected other people with malicious malware,” says Melanie.
“I know it’s not my fault, but I still feel indirectly responsible. I haven’t heard of any negative repercussions yet, so maybe nothing bad has happened. I’ll just have to wait and see.
“In the meantime, however, I am not clicking on any emails I get from LinkedIn, and going directly to the site instead. I am just deleting them, and hoping that’s the end of it!”