LinkedIn spam drives traffic to Toronto Drug Store

Graham Cluley
Graham Cluley
@[email protected]

At first glance it may look like an official email from LinkedIn, the professional business networking site, asking you to confirm your email address.

But it’s not.

LinkedIn email spam

Because the emails don’t really come from LinkedIn, and clicking on the link does not take you to the LinkedIn website.

Sign up to our free newsletter.
Security news, advice, and tips.

Instead your browser is redirected to a website announcing that it is the “Toronto Drug Store”, where a square-jawed trustworthy doctor-type is accompanied by a cut-price Anne Hathaway lookalike.

Toronto Drug Store website

The online store claims it will be able to help you with erectile disfunction, and even offers a Thanksgiving sale in the form of a Cialis+Viagra “powerpack”. (A steal at $74.95).

Of course, the link embedded inside the email could just have easily taken your browser to a website hosting malicious code, or a phishing page designed to steal your LinkedIn credentials.

The gang behind this spam campaign are banking on just a tiny proportion of the email recipients being tempted to buy something from the Toronto Drug Store website. If that occurs, despite the recipients initially believing they had received an email from LinkedIn, it will be worth the effort of the spammers because of the commission they can earn.

Yes, it’s hard to believe that such a business model really works – but the cost of sending spam to millions of people is so small, and requires such little effort, that it still goes on.

My advice to you is to invest in a decent security solution that protects you not only against spam and malware that arrives in your email, but also checks the websites you are visiting in case they are dodgy too.

And remember to never buy goods sold via spam. If you do, you’re just encouraging the spam problem to continue.

If you receive an email out of the blue from a brand that you trust, think twice before blindly clicking on the link – it may not be taking you to the real website at all.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.