LinkedIn You Appeared in Search this Week Junk Emails

Comments: 43
Views: 6,469
Save
Updated: Nov. 19, 2020 2020-11-19T20:43:35
Posted: Sep. 24, 2018 2018-09-24T14:19:16
Online Threat Alerts (OTA)

Online users who have received the "LinkedIn You Appeared in Search this Week" email below, are asked to delete them. This is because the fake or junk emails are being sent by spammers. The links in the fake emails go to spam and phishing websites.

A "LinkedIn You Appeared in Search this Week" Spam Email

From: LinkedIn <deschachspiel.schuldenfalle@bongfaschist.de>

Sent: Monday, September 24, 2018 12:08 PM

Subject: You appeared in 3 search this week

LinkedIn

You appeared in 3 search this week

You were found by people from these companies

Avanade

See all searches

Get the LinkedIn app.

Stay updated wherever you are

Download for free

Unsubscribe | Help

You are receiving LinkedIn notification emails.

Check the comment section below for additional information, share what you know, or ask a question about this article by leaving a comment below. And, to quickly find answers to your questions, use our search

engine.

Note: Some of the information in samples on this website may have been impersonated or spoofed.

Was this article helpful? +

Yes (1)
No (0)

Share this with others:

The comments, reviews or answers below do not necessarily reflect the views of Online Threat Alerts (OTA).

November 19, 2020 at 8:43 PM by info
"From:"LinkedIn" <dkathy.carbone@ariesgl.com>
Sent:
Fri, 20 Nov 2020 06:08:27 0000 (UTC)
Subject:
You appeared in 6 search this week
You appeared in 6 search this week
LinkedIn
You appeared in 6 search this week
You were found by people from these companies"
Here is another scam.
remove
October 18, 2020 at 12:45 PM by info
"From:
"LinkedIn" <eyrotux3780@codetel.net.do>
Sat, 17 Oct 2020 20:55:06 0000 (UTC)
Subject:
Hello, you appeared in 5 search this week #1992
You appeared in 5 search this week
LinkedIn
You appeared in 5 search this week
You were found by people from these companies
Avanade
See all searches
Get the LinkedIn app.
Stay updated wherever you are"
Here is another scam.
Download for free
remove
October 16, 2020 at 6:58 PM by info
"From:
"LinkedIn" <darrennn@litemore.com.au>
To:
Sent:
Sat, 17 Oct 2020 05:26:48 0000 (UTC)
Subject:
[iiSPAM] You appeared in 9 search this week
You appeared in 9 search this week
LinkedIn
You appeared in 9 search this week
You were found by people from these companies
Avanade"
Received this scam.
remove
June 6, 2020 at 12:41 PM by info
"You appeared in 2 searches this week
LinkedIn <notifications-noreply@linkedin.com>
Sat 6/6/2020 11:19 AM
LinkedIn
You appeared in 2 searches this week
You were found by people from these companies
LeaseQuery Eris Property Group (Pty) Ltd
See all searches
Get the LinkedIn app.
Stay updated wherever you are
Download for free"
Received this scam.
remove
November 25, 2019 at 7:46 AM by an anonymous user from: Toronto, Ontario, Canada
Whenever I get a notification of being in a LinkedIn search, it usually means in a few days I will get hit with a huge amount of fraud, extortion (ie "filmed you m**********g so pay up") or fake charity emails. A pattern that is so evident. Appears these people use LinkedIn search facility to harvest email addresses. LinkedIn really doesn't care or verify legitimate searches (by companies) from these bad harvesters of names and emails.
remove
July 7, 2019 at 7:38 AM by info
"From: LinkedIn <rog-submairo@caseyusa.com>
Sent: Saturday, July 6, 2019, 3:02:04 PM PDT
Subject: You appeared in 5 search this week
LinkedIn
You appeared in 5 search this week
You were found by people from these companies
Avanade
See all searches
Get the LinkedIn app.
Stay updated wherever you are
Download for free"
Here is another junk email.
remove
May 30, 2019 at 8:03 AM by info
Here is another scam:
- Forwarded Message -
From: LinkedIn <mnchaffee@maxprofit.se>
Sent: Wednesday, May 29, 2019, 12:28:33 AM PDT
Subject: You appeared in 1 search this week
LinkedIn
You appeared in 1 search this week
You were found by people from these companies
Avanade
See all searches
remove
May 30, 2019 at 7:01 AM by info
Here is another scam:
- Forwarded Message -
From: LinkedIn <ekckydbzt@buypower.com>
Sent: ‎Wednesday‎, ‎May‎ ‎29‎, ‎2019‎ ‎03‎:‎19‎:‎34‎ ‎AM‎ ‎PDT
Subject: You appeared in 7 search this week
LinkedIn
You appeared in 7 search this week
You were found by people from these companies
Avanade
See all searches
remove
October 9, 2018 at 4:39 PM by an anonymous user from: Vienna, Austria
Correction...
fastdiets-line[.]world
is hosted by Frantech/Ponynet/Voxility
fastdietlines[.]world looks like it is parked at Namecheap.
Anyway, the rest is valid. Report the domains, send complaints to the hosting company at where they are sitting. And the spam will stop in most cases.
remove
October 9, 2018 at 4:37 PM by an anonymous user from: Vienna, Austria
Just keep on reporting the domains
burning-fats[.]world
fastdietlines[.]world
to the respective hosts, right now one is hosted at Psychz network and the other one is at Frantech - wich seems to not sanctioning that abuse cases.
Towards Frantech/Ponynet - Forward your received mail - with the forwarding domain which points towards their IP - and make them aware that they host a resource advertised over mail-spam redirect.
Should work also for Psychz and any other hosting companies once that 2 domains are again being banned.
But Frantech/Ponynet needs a more stronger push with lots of evidence so they decide to ban that fraud customer. Perhaps it helps to write a mail to Voxility - of which Frantech is a customer.
Anyway, you want abuse solved.. then write for each spot redirect an abuse mail and that for every single mail you receive. That works.
remove
October 5, 2018 at 7:53 PM by an anonymous user from: Baltimore, Maryland, United States
YaY! Today is the 1st day in months that I have not received a single one. Someone has done good work. Thanks!
remove
- October 8, 2018 at 7:59 PM by an anonymous user from: Phoenix, Arizona, United States
  3 days no linkedin spam. Somebody did a good thing.
  remove
October 4, 2018 at 10:46 PM by an anonymous user from: Amsterdam, North Holland, Netherlands
Please help to stop this annoying spam mails. I receive 10-20 mails a week. Is there any solution available yet? Thanks anyway. Kind regards from Holland.
remove
October 4, 2018 at 5:05 PM by an anonymous user from: Manchester, England, United Kingdom
More details regarding supplyonline[.]su.
Domain age is 1 day
Registered to georgiiavdeev1994@mail.ru
Located in Russia
Directs to a "Canadian Pharmacy since 2001".
remove
October 4, 2018 at 4:52 PM by an anonymous user from: Manchester, England, United Kingdom
Tophouse[.]su has now been changed to supplyonline[.]su. The rest of the redirects appear to be the same.
remove
October 4, 2018 at 6:12 AM by an anonymous user from: Fort Worth, Texas, United States
View the headers, copy them, visit SpamCop.net (a Cisco service) and paste the headers in the box. Click to have SpamCop analyze the headers and determine who to send reports to.
Send your reports. Done. The more of us that do this, the more it will hamper the spammer and eventually they will move onto a new list of victims because the current list has too many hactivists working against them ;)
remove
October 4, 2018 at 2:47 AM by an anonymous user from: Sydney, New South Wales, Australia
Same here in Australia, Canadian pharmacy.
remove
October 3, 2018 at 6:38 PM by an anonymous user from: Manchester, England, United Kingdom
Multiple Emails per day, all from different Email addresses with various numbers in the "You appeared in x search this week" title.
Each Email received has a link, the link is different on each one (Same as how the Email address is different). Each is a compromised Wordpress site.
All links have 4 redirects, the first redirect is a unique GET request.
The second redirect is to either -
burning-fats[.]world/all/mywwxxxxxx ... or
fastdietlines[.]world/all/mywwxxxxx (Unique strings at the end of the URL)
The third is to -
burning-fats[.]world/assets/spctECUrxxxxx or
fastdietlines[.]world/assets/spctECUr (Unique strings at the end of the URL as above)
The final landing site is - tophouse[.]su
The third link is a stylesheet and all named the following - CID=411298&ADID=2129826
The second link runs a stylesheet, within which all have the following address within its source code - http://148.251.45[.]254.d.megaanalitycsstats.com and ending with - window.location.replace("http://tophouse[.]su")
Tophouse[.]su is running nginx webserver and all you see is the holding page.
Burning-fats[.]world is hosted bySERVERIUS-AS.
Fastdietlines[.]world is hosted by SERVERIUS-AS.
Tophouse[.]su is hosted by SPACENET-AS.
Tophouse[.]su has the following Email associated with it - axmet.zykov@mail.ru
Tophouse[.]su flags the following
(SID: 2014170, Rev: 2, Severity: 1) categorized as "A Network Trojan was detected"
Other sites that contact this host are -
http://www.cafedelalbapr[.]com/cheerfulnessz.html (Trojan)
DNS Requests
www.cafedelalbapr[.]com
tophouse[.]su
isrg.trustid[.]ocsp.identrust.com
burning-fats[.]world
Contacted Hosts
97.74.182[.]1
162.248.241[.]76
95.101.72[.]176
62.173.149[.]44
http://www.iemsbschool[.]com/wp-content/uploads/2018/likenk.html (Trojan)
DNS Requests
www.iemsbschool[.]com
tophouse[.]su
isrg.trustid[.]ocsp.identrust.com
fastdietlines[.]world
Contacted Hosts
107.180.46[.]193
146.185.253[.]126
95.100.96[.]179
172.227.102[.]35
93.184.220[.]29
62.173.149[.]44
95.100.97[.]106
104.18.25[.]243
152.199.19[.]160
tophouse[.]su - Domain Age: 23 Days
tophouse[.]su - IP: 62.173.149[.]44
Logged as a phishing site with Fortinet.
remove
October 3, 2018 at 10:16 AM by an anonymous user from: San Jose, California, United States
For the past week or so I've been receiving 10-20 of these e-mails each day!
remove
October 3, 2018 at 7:38 AM by an anonymous user from: Wels, Upper Austria, Austria
Final redirection source is
"tophouse.su" - hosted on Russian provider "spacenet.ru"
Forwarding domains are for example:
"burning-fats.world" - on Serverius on IP 146.185.253.155
"burnfat-tips.world" - IP 194.9.178.1 - Quadranet
remove
October 3, 2018 at 3:39 AM by an anonymous user from: Hobart, Tasmania, Australia
If somebody could kindly identify the target domains of this spam (i.e. the domain names and IP addresses where the parasitic criminal is hosting his excr*ment) and list them here, it should be enough info to hit the sc*mbags hosting this parasite with a subpoena to reveal the spamming parasitic criminal's name and etc.
This cr*p is constantly incoming now and it's bordering on a DDOS attack, this spammer is morphing the 'from' address so it's difficult to block.
remove
October 2, 2018 at 9:08 PM by an anonymous user from: Buenos Aires City, Buenos Aires Autonomous City, Argentina
It's hard to beleive Outlook spam filter can't block this directly. I mean they all have the same subject and we receive lots of them per day. Do they filter have some kind of heuristic to learn to block this annoying emails?
remove
October 2, 2018 at 12:00 PM by an anonymous user from: Lewisville, Texas, United States
I receive at least 10 of these bogus email a week. I have been deleting them, but I will report them now I have the link for it. Thanks.
remove
- October 3, 2018 at 2:57 AM by an anonymous user from: Liverpool, England, United Kingdom
  Only 10! I'm getting at least 4 or 5 a day. And the sending email domain is changing constantly so even blocking by domain doesn't stop the bl**dy things!
  remove
October 2, 2018 at 7:45 AM by an anonymous user from: Vienna, Austria
looking for a solution as well...
remove
October 1, 2018 at 10:24 PM by an anonymous user from: Perth, Western Australia, Australia
Is there any solution yet to stop receiving these annoying emails?
remove
October 1, 2018 at 10:02 PM by an anonymous user from: Baltimore, Maryland, United States
Recently been getting one or two, occasionally. Then it jumped to two or three regularly, now it's up to seven every single day.
Been forwarding them to phishing@linkedin.com per the instructions on their website, but so far, not only no relief but it's gotten much worse.
remove
October 1, 2018 at 8:11 PM by an anonymous user from: Pak Kret, Nonthaburi, Thailand
It is getting pretty annoying now. I am getting several fake linkedin emails per day. Time for someone to take this bugger out of the air!
remove
October 1, 2018 at 10:37 AM by an anonymous user from: Garland, Texas, United States
I knew immediately the plural Linked In "appeared in _ searches this week" messages were spam. I have never had a Linked In profile so I knew these were fake. A least my email provider automatically moves these to the junk mail folder.
remove
September 30, 2018 at 11:57 AM by an anonymous user from: Omaha, Nebraska, United States
I've been analyzing the headers deeply. It appears the originating IP address is spoofed as well as the FROM email address, obviously.
So doing IP lookup on that is no good. You might be able to send an ABUSE complaint to the originating email server at best.
All links in the email body go to the same URL. This URL gets redirected to "fastlines-diet.world". I've also had some at other similar URL names.
They all seem to be registered at NAMECHEAP. I've sent ABUSE complaints to NAMECHEAP and to those URLs (which is probably a mistake as is just verifies my email address to them), but these ABUSE complaints will only get those URLs blacklisted and won't stop the SPAM from being sent with SPOOFed email address and originating IPs.
What else can I do to help? I'm quite tech savvy. If there is other info I can provide to you I would be happy to start this fight on all SPAM.
remove
- September 30, 2018 at 2:03 PM by info
  Thank you, the information you have provided is very helpful.
  remove
September 29, 2018 at 10:26 AM by an anonymous user from: Temecula, California, United States
Thanks for this. I thought maybe I was getting it as a result of recently starting to apply for jobs.
remove
- September 30, 2018 at 3:56 PM by an anonymous user from: Otelfingen, Zurich, Switzerland
  Yes mee too after searching for jobs. I'm receiving 5 to 10 LinkedIn spam e-mails. All of them come with the same message from the same LinkedIn name but with a different email... I'm getting frustrated.
  remove
September 28, 2018 at 11:22 PM by an anonymous user from: Needham, Massachusetts, United States
Many every day! Please ISPs, delete these entirely, don't send them to junk mail as occasionally something good is in Junk folder. STOP THIS!
remove
September 27, 2018 at 8:07 AM by an anonymous user from: Bristol, England, United Kingdom
What happens if a link in these is clicked on? It opens up two webpages.
Do they automatically download anything?
remove
- September 27, 2018 at 2:03 PM by an anonymous user from: Pleasanton, California, United States
  DON'T, as they will hijack the browser and splatter pay up your pc; has been hijacked page.
  remove
- September 27, 2018 at 12:51 PM by an anonymous user from: Bedminster, New Jersey, United States
  I clicked "unsubscribe" just to see what would happen and it took me to Canadian Pharmacy, and I think they were selling Viag**. I don't think anything was automatically downloaded. I'm reporting each one I get as spam or phishing, and I notice each one is being sent from a different sender, so blocking doesn't work. Getting 6 of these or more in each 24 hour period starting just recently.
  remove
- September 27, 2018 at 8:13 AM by info
  No, nothing is downloaded automatically.
  remove
September 25, 2018 at 8:52 PM by info
There is also:
"You appeared in 1 search this week"
"You appeared in 2 search this week"
"You appeared in 3 search this week"
"You appeared in 4 search this week"
remove
September 24, 2018 at 8:40 PM by info
There is also:
"You appeared in 5 search this week"
"You appeared in 6 search this week"
"You appeared in 7 search this week"
"You appeared in 8 search this week"
"You appeared in 9 search this week"
remove
- September 26, 2018 at 8:40 AM by an anonymous user from: Bedminster, New Jersey, United States
  I'm getting all of these up to five and six times a day. I've tried without success to use rules to have them automatically deleted, but somehow they keep getting around whatever rule I try no matter how I set it up. Very frustrating!
  remove
  - October 1, 2018 at 3:16 AM by an anonymous user from: Charleroi, Wallonia, Belgium
    Yeah. The unsubscribe links all seem to go to hijacked wordpress sites. But receiving them 10 times a day is becoming very tiring. They appear in spam, but that makes it harder to add a mail rule to delete them automatically.
    remove
    - October 1, 2018 at 3:58 PM by an anonymous user from: Bedminster, New Jersey, United States
      I'm starting to forward each one I get to abuse@outlook.com. Let's see what they can do with them.
      Mine go directly to spam as well, but it is still a pain to have to delete them.
      I wish I knew how to set a rule to eliminate these, but nothing I try works.
      remove