»

Spam - The "LinkedIn You Appeared in Search this Week" Junk Emails

 +
Spam - The "LinkedIn You Appeared in Search this Week" Junk Emails

Would you share this Article with others?

Online users who have received the "LinkedIn You Appeared in Search this Week" email below, are asked to delete them. This is because the fake or junk emails are being sent by spammers. The links in the fake emails go to spam and phishing websites.

A "LinkedIn You Appeared in Search this Week" Spam Email

From: LinkedIn <deschachspiel.schuldenfalle@bongfaschist.de>

Sent: Monday, September 24, 2018 12:08 PM

Subject: You appeared in 3 search this week

LinkedIn

You appeared in 3 search this week

You were found by people from these companies

Avanade

See all searches

Get the LinkedIn app.

Stay updated wherever you are

Download for free

Unsubscribe | Help

You are receiving LinkedIn notification emails.

Note: Some of the names, addresses, email addresses, telephone numbers or other information in samples on this website may have been impersonated or spoofed.

Please share what you know or ask a question about this article by leaving a comment below. Also, check the comment section below for additional information, if there is any.

Remember to forward suspicious, malicious, or phishing email messages to us at the following email address: info@onlinethreatalerts.com

Also, report missing persons, scams, untrustworthy, or fraudulent websites to us. Tell us why you consider the websites untrustworthy or fraudulent.

If you want to quickly find answers to your questions, use our search engine.

You can help maintain Online Threat Alerts (OTA) by paying a service fee. Click here to make payment.

Comments, Questions, Answers, or Reviews
(Total: 38)

To help protect your privacy, please do not post or remove, your full name, telephone number, email address, username, password, account number, credit card information, home address or other sensitive information in or from your comments, questions, or reviews.

The comments or reviews below do not necessarily reflect the views of Online Threat Alerts.

  • July 7, 2019 at 7:38 AM by info

    "From: LinkedIn <rog-submairo@caseyusa.com>

    Sent: Saturday, July 6, 2019, 3:02:04 PM PDT

    Subject: You appeared in 5 search this week

    LinkedIn

    You appeared in 5 search this week

    You were found by people from these companies

    Avanade

    See all searches

    Get the LinkedIn app.

    Stay updated wherever you are

    Download for free"

    Here is another junk email.

    remove

  • May 30, 2019 at 8:03 AM by info

    Here is another scam:

    ----- Forwarded Message -----

    From: LinkedIn <mnchaffee@maxprofit.se>

    Sent: Wednesday, May 29, 2019, 12:28:33 AM PDT

    Subject: You appeared in 1 search this week

    LinkedIn

    You appeared in 1 search this week

    You were found by people from these companies

    Avanade

    See all searches

    remove

  • May 30, 2019 at 7:01 AM by info

    Here is another scam:

    ----- Forwarded Message -----

    From: LinkedIn <ekckydbzt@buypower.com>

    Sent: ‎Wednesday‎, ‎May‎ ‎29‎, ‎2019‎ ‎03‎:‎19‎:‎34‎ ‎AM‎ ‎PDT

    Subject: You appeared in 7 search this week

    LinkedIn

    You appeared in 7 search this week

    You were found by people from these companies

    Avanade

    See all searches

    remove

  • October 9, 2018 at 4:39 PM by an anonymous user from Vienna, Austria

    Correction....

    fastdiets-line[.]world

    is hosted by Frantech/Ponynet/Voxility

    fastdietlines[.]world looks like it is parked at Namecheap.

    Anyway, the rest is valid. Report the domains, send complaints to the hosting company at where they are sitting. And the spam will stop in most cases.

    remove

  • October 9, 2018 at 4:37 PM by an anonymous user from Vienna, Austria

    Just keep on reporting the domains

    burning-fats[.]world

    fastdietlines[.]world

    to the respective hosts, right now one is hosted at Psychz network and the other one is at Frantech - wich seems to not sanctioning that abuse cases.

    Towards Frantech/Ponynet - Forward your received mail - with the forwarding domain which points towards their IP - and make them aware that they host a resource advertised over mail-spam redirect.

    Should work also for Psychz and any other hosting companies once that 2 domains are again being banned.

    But Frantech/Ponynet needs a more stronger push with lots of evidence so they decide to ban that fraud customer. Perhaps it helps to write a mail to Voxility - of which Frantech is a customer.

    Anyway, you want abuse solved.. then write for each spot redirect an abuse mail and that for every single mail you receive. That works.

    remove

  • October 5, 2018 at 7:53 PM by an anonymous user from Baltimore, Maryland, United States

    YaY! Today is the 1st day in months that I have not received a single one. Someone has done good work. Thanks!

    remove

    • October 8, 2018 at 7:59 PM by an anonymous user from Phoenix, Arizona, United States

      3 days no linkedin spam. Somebody did a good thing.

      remove

  • October 4, 2018 at 10:46 PM by an anonymous user from Amsterdam, North Holland, Netherlands

    Please help to stop this annoying spam mails. I receive 10-20 mails a week. Is there any solution available yet? Thanks anyway. Kind regards from Holland.

    remove

  • October 4, 2018 at 5:05 PM by an anonymous user from Manchester, England, United Kingdom

    More details regarding supplyonline[.]su.

    Domain age is 1 day

    Registered to georgiiavdeev1994@mail.ru

    Located in Russia

    Directs to a "Canadian Pharmacy since 2001".

    remove

  • October 4, 2018 at 4:52 PM by an anonymous user from Manchester, England, United Kingdom

    Tophouse[.]su has now been changed to supplyonline[.]su. The rest of the redirects appear to be the same.

    remove

  • October 4, 2018 at 6:12 AM by an anonymous user from Fort Worth, Texas, United States

    View the headers, copy them, visit SpamCop.net (a Cisco service) and paste the headers in the box. Click to have SpamCop analyze the headers and determine who to send reports to.

    Send your reports. Done. The more of us that do this, the more it will hamper the spammer and eventually they will move onto a new list of victims because the current list has too many hactivists working against them ;)

    remove

  • October 4, 2018 at 2:47 AM by an anonymous user from Sydney, New South Wales, Australia

    Same here in Australia, Canadian pharmacy.

    remove

  • October 3, 2018 at 6:38 PM by an anonymous user from Manchester, England, United Kingdom

    Multiple Emails per day, all from different Email addresses with various numbers in the "You appeared in x search this week" title.

    Each Email received has a link, the link is different on each one (Same as how the Email address is different). Each is a compromised Wordpress site.

    All links have 4 redirects, the first redirect is a unique GET request.

    The second redirect is to either -

    burning-fats[.]world/all/mywwxxxxxx ... or

    fastdietlines[.]world/all/mywwxxxxx (Unique strings at the end of the URL)

    The third is to -

    burning-fats[.]world/assets/spctECUrxxxxx or

    fastdietlines[.]world/assets/spctECUr (Unique strings at the end of the URL as above)

    The final landing site is - tophouse[.]su

    The third link is a stylesheet and all named the following - CID=411298&ADID=2129826

    The second link runs a stylesheet, within which all have the following address within its source code - http://148.251.45[.]254.d.megaanalitycsstats.com and ending with - window.location.replace("http://tophouse[.]su")

    Tophouse[.]su is running nginx webserver and all you see is the holding page.

    Burning-fats[.]world is hosted bySERVERIUS-AS.

    Fastdietlines[.]world is hosted by SERVERIUS-AS.

    Tophouse[.]su is hosted by SPACENET-AS.

    Tophouse[.]su has the following Email associated with it - axmet.zykov@mail.ru

    Tophouse[.]su flags the following

    (SID: 2014170, Rev: 2, Severity: 1) categorized as "A Network Trojan was detected"

    Other sites that contact this host are -

    http://www.cafedelalbapr[.]com/cheerfulnessz.html (Trojan)

    DNS Requests

    www.cafedelalbapr[.]com

    tophouse[.]su

    isrg.trustid[.]ocsp.identrust.com

    burning-fats[.]world

    Contacted Hosts

    97.74.182[.]1

    162.248.241[.]76

    95.101.72[.]176

    62.173.149[.]44

    http://www.iemsbschool[.]com/wp-content/uploads/2018/likenk.html (Trojan)

    DNS Requests

    www.iemsbschool[.]com

    tophouse[.]su

    isrg.trustid[.]ocsp.identrust.com

    fastdietlines[.]world

    Contacted Hosts

    107.180.46[.]193

    146.185.253[.]126

    95.100.96[.]179

    172.227.102[.]35

    93.184.220[.]29

    62.173.149[.]44

    95.100.97[.]106

    104.18.25[.]243

    152.199.19[.]160

    tophouse[.]su - Domain Age: 23 Days

    tophouse[.]su - IP: 62.173.149[.]44

    Logged as a phishing site with Fortinet.

    remove

  • October 3, 2018 at 10:16 AM by an anonymous user from San Jose, California, United States

    For the past week or so I've been receiving 10-20 of these e-mails each day!

    remove

  • October 3, 2018 at 7:38 AM by an anonymous user from Wels, Upper Austria, Austria

    Final redirection source is

    "tophouse.su" - hosted on Russian provider "spacenet.ru"

    Forwarding domains are for example:

    "burning-fats.world" - on Serverius on IP 146.185.253.155

    "burnfat-tips.world" - IP 194.9.178.1 - Quadranet

    remove

  • October 3, 2018 at 3:39 AM by an anonymous user from Hobart, Tasmania, Australia

    If somebody could kindly identify the target domains of this spam (i.e. the domain names and IP addresses where the parasitic criminal is hosting his excr*ment) and list them here, it should be enough info to hit the sc*mbags hosting this parasite with a subpoena to reveal the spamming parasitic criminal's name and etc.

    This cr*p is constantly incoming now and it's bordering on a DDOS attack, this spammer is morphing the 'from' address so it's difficult to block.

    remove

  • October 2, 2018 at 9:08 PM by an anonymous user from Buenos Aires, Buenos Aires F.D., Argentina

    It's hard to beleive Outlook spam filter can't block this directly. I mean they all have the same subject and we receive lots of them per day. Do they filter have some kind of heuristic to learn to block this annoying emails?

    remove

  • October 2, 2018 at 12:00 PM by an anonymous user from Lewisville, Texas, United States

    I receive at least 10 of these bogus email a week. I have been deleting them, but I will report them now I have the link for it. Thanks.

    remove

    • October 3, 2018 at 2:57 AM by an anonymous user from Liverpool, England, United Kingdom

      Only 10!! I'm getting at least 4 or 5 a day. And the sending email domain is changing constantly so even blocking by domain doesn't stop the bl**dy things!

      remove

  • October 2, 2018 at 7:45 AM by an anonymous user from Vienna, Austria

    looking for a solution as well...

    remove

  • October 1, 2018 at 10:24 PM by an anonymous user from Perth, Western Australia, Australia

    Is there any solution yet to stop receiving these annoying emails?

    remove

  • October 1, 2018 at 10:02 PM by an anonymous user from Baltimore, Maryland, United States

    Recently been getting one or two, occasionally. Then it jumped to two or three regularly, now it's up to seven every single day.

    Been forwarding them to phishing@linkedin.com per the instructions on their website, but so far, not only no relief but it's gotten much worse.

    remove

  • October 1, 2018 at 8:11 PM by an anonymous user from Bang Talat Subdistrict, Nonthaburi, Thailand

    It is getting pretty annoying now. I am getting several fake linkedin emails per day. Time for someone to take this bugger out of the air!

    remove

  • October 1, 2018 at 10:37 AM by an anonymous user from Garland, Texas, United States

    I knew immediately the plural Linked In "appeared in _ searches this week" messages were spam. I have never had a Linked In profile so I knew these were fake. A least my email provider automatically moves these to the junk mail folder.

    remove

  • September 30, 2018 at 11:57 AM by an anonymous user from Omaha, Nebraska, United States

    I've been analyzing the headers deeply. It appears the originating IP address is spoofed as well as the FROM email address, obviously.

    So doing IP lookup on that is no good. You might be able to send an ABUSE complaint to the originating email server at best.

    All links in the email body go to the same URL. This URL gets redirected to "fastlines-diet.world". I've also had some at other similar URL names.

    They all seem to be registered at NAMECHEAP. I've sent ABUSE complaints to NAMECHEAP and to those URLs (which is probably a mistake as is just verifies my email address to them), but these ABUSE complaints will only get those URLs blacklisted and won't stop the SPAM from being sent with SPOOFed email address and originating IPs.

    What else can I do to help? I'm quite tech savvy. If there is other info I can provide to you I would be happy to start this fight on all SPAM.

    remove

    • September 30, 2018 at 2:03 PM by info

      Thank you, the information you have provided is very helpful.

      remove

  • September 29, 2018 at 10:26 AM by an anonymous user from Temecula, California, United States

    Thanks for this. I thought maybe I was getting it as a result of recently starting to apply for jobs.

    remove

    • September 30, 2018 at 3:56 PM by an anonymous user from Otelfingen, Zurich, Switzerland

      Yes mee too after searching for jobs. I'm receiving 5 to 10 LinkedIn spam e-mails. All of them come with the same message from the same LinkedIn name but with a different email... I'm getting frustrated.

      remove

  • September 28, 2018 at 11:22 PM by an anonymous user from Marion, Massachusetts, United States

    Many every day! Please ISPs, delete these entirely, don't send them to junk mail as occasionally something good is in Junk folder. STOP THIS!

    remove

  • September 27, 2018 at 8:07 AM by an anonymous user from Bristol, England, United Kingdom

    What happens if a link in these is clicked on? It opens up two webpages.

    Do they automatically download anything?

    remove

    • September 27, 2018 at 2:03 PM by an anonymous user from Santa Clara, California, United States

      DON'T, as they will hijack the browser and splatter pay up your pc; has been hijacked page.

      remove

    • September 27, 2018 at 12:51 PM by an anonymous user from Bedminster, New Jersey, United States

      I clicked "unsubscribe" just to see what would happen and it took me to Canadian Pharmacy, and I think they were selling Viag**. I don't think anything was automatically downloaded. I'm reporting each one I get as spam or phishing, and I notice each one is being sent from a different sender, so blocking doesn't work. Getting 6 of these or more in each 24 hour period starting just recently.

      remove

    • September 27, 2018 at 8:13 AM by info

      No, nothing is downloaded automatically.

      remove

  • September 25, 2018 at 8:52 PM by info

    There is also:

    "You appeared in 1 search this week"

    "You appeared in 2 search this week"

    "You appeared in 3 search this week"

    "You appeared in 4 search this week"

    remove

  • September 24, 2018 at 8:40 PM by info

    There is also:

    "You appeared in 5 search this week"

    "You appeared in 6 search this week"

    "You appeared in 7 search this week"

    "You appeared in 8 search this week"

    "You appeared in 9 search this week"

    remove

    • September 26, 2018 at 8:40 AM by an anonymous user from Bedminster, New Jersey, United States

      I'm getting all of these up to five and six times a day. I've tried without success to use rules to have them automatically deleted, but somehow they keep getting around whatever rule I try no matter how I set it up. Very frustrating!!!

      remove

      • October 1, 2018 at 3:16 AM by an anonymous user from Charleroi, Wallonia, Belgium

        Yeah. The unsubscribe links all seem to go to hijacked wordpress sites. But receiving them 10 times a day is becoming very tiring. They appear in spam, but that makes it harder to add a mail rule to delete them automatically.

        remove

        • October 1, 2018 at 3:58 PM by an anonymous user from Bedminster, New Jersey, United States

          I'm starting to forward each one I get to abuse@outlook.com. Let's see what they can do with them.

          Mine go directly to spam as well, but it is still a pain to have to delete them.

          I wish I knew how to set a rule to eliminate these, but nothing I try works.

          remove

 Show More Comments (38)
Write Your Comment, Question, Answer, or Review
Write your comment, question, answer, or review in the box below to share what you know or to get answers. NB: We will use your IP address to display your approximate location to other users.
Your comment, question, answer, or review will be posted as an anonymous user because you are not signed in. Anonymous posts cannot be edited or deleted. Sign-in.

More on Online Threat Alerts (OTA):
Spam - The "LinkedIn You Appeared in Search this Week" Junk Emails