LinkedIn members are receiving requests for ‘rating’ for connections that begin with ‘…needs your help.’ During the response process, the sender phishes for log-in information, and even if you terminate the exchange there, as I did, they receive and utilize the rating information, sending it to the ostensible requester. Some of you have received ‘requests’ ostensibly from me, and likely from others, requesting this ‘rating’ or endorsement. I have sent out no such requests; it’s a scam, the originator unknown. I have attempted to notify LinkedIn.
Thanks for your post. FYI, I have notified LinkedIn’s Fraud/Privacy team.
Hi, I have notified LinkedIn, too. This is very disturbing.
I’ve done the same, and in reply received a canned response from LinkedIn to change my password. They marked the case “closed.” The following is the response I left:
——————
Forgive me, but this was a non-solution to the problem I alerted Linkedin about. Here’s why:
1) Linkedin failed to detect unauthorized access to my account. *I* detected it and alerted LinkedIn.
2) LinkedIn’s sole solution was that I change my password. Since I previously had a password, how has the security of my account changed or improved?
3) I learned (on my own) that the RateStars phishing scam was well documented. LinkedIn users before me (and now, my contacts) have had it happen to them, and had already alerted LinkedIn about it. LinkedIn’s complete failure to notify their loyal account holders is directly responsible for the continuing spread of this scam and the resulting inconvenience to members.
4) Both the LinkedIn Twitter feed and the website itself are prime locations to actively alert members about this scam — IF LinkedIn was interested in preventing security breaches of its members. I contacted both and was surprised to receive no direct acknowledgement of the subject. This site supplied a canned response to change my password. The Twitter feed (whose sole purpose is agile communication) ignored every message: It has continued to tweet cheerful, general news items. A simple alert to LinkedIn members could have prevented the majority of my contacts from being similarly hacked, since they simply did not understand the danger of responding to RateStar’s legit-appearing e-mail. Its perceived legitimacy is directly related to the fact that it comes from a secure LinkedIn member.
5) I and other LinkedIn members are attempting to pass on this information to fellow members, since LinkedIn is utterly failing to do so. Our attempts are far less effective than an alert to all members directly from LinkedIn.
6) All of the above has left me and fellow LinkedIn users with the impression that there is simply a complete lack of customer service on LinkedIn.
Hi Frank, I have notified LinkedIn too, and just received a canned reply. I don’t understand why they don’t take action; their site has their logo all over it and LI members are getting pretty annoyed. I also reported it to Phishtank.com but they would not validate it. If anyone has a moment, please report it to Phishtank as well? Thanks!
It is a Chinese group that is looking to gain access to valuable personal information.
Thanks for this! I received one today. It actually looked very legit – much more professional than most spam/scam emails. For some reason, though – I guess maybe because I hadn’t heard of ratestars – I decided to look them up before going forward. I didn’t click a single thing in the email, thankfully. Your post saved me!
+1 with JB — I’m thankful I had the common sense to look it up before going through with it. Thanks for posting about this! It’s a shame LinkedIn isn’t more responsive, especially in light of the recent hack.
Reblogged this on JP Nicols and commented:
I received one of these today, and something just didn’t feel right, so I did a little digging.
FYI.
I also received one of these today and my alarm bells rang when the message began with ‘needs my help’ from someone I do not know. I agree with NK’s comment about LinkedIn’s responsiveness and monitoring procedure.
I went to the RateStar web site. They have some very interesting language about how they can use the info for anything they want. But you can unsubscribe, which I just did, so we will see if it works. I helped a friend and rated him; it used my LinkedIn account and email. Then it started sending emails to everyone in my LinkedIn contacts. So that is not legal etc. but they try to act like they are legit if you go to their web site.
Here is some language about the term of service
You agree that by registering on Ratestars, or by using any of our Services, including our mobile applications, Facebook application, plug-ins, or other information provided as part of the RateStar services (collectively “Ratestars” or the “Services”), you are entering into a legally binding agreement with RateStars (“we,” “us,” “our,” and “RateStars”) based on the terms of this User Agreement and Privacy Policy, which is hereby incorporated by reference (collectively referred to as the “Agreement”).
By visiting our website or using any of our Services, you acknowledge that you have read and understood the terms and conditions of this Agreement and that you agree to be bound by all of its provisions.
APPLICABLE LAWS AND THIS AGREEMENT
You must comply with all applicable laws, the Agreement, as may be amended from time to time with or without advance notice, and the policies and processes explained in the following sections:
DOs and DON’Ts
You own the information you provide RateStars under this Agreement, and may request its deletion at any time, unless you have shared information or content with others and they have not deleted it, or it was copied or stored by other users. Additionally, you grant Ratestars a nonexclusive, irrevocable, worldwide, perpetual, unlimited, assignable, sub-licenseable, fully paid up and royalty-free right to us to copy, prepare derivative works of, improve, distribute, publish, remove, retain, add, process, analyze, use and commercialize, in any way now known or in the future discovered, any information you provide, directly or indirectly to RateStars, including, but not limited to, any user generated content, ideas, concepts, techniques or data to the services, you submit to RateStars, without any further consent, notice and/or compensation to you or to any third parties. Any information you submit to us is at your own risk of loss as noted in Sections 2 and 3 of this Agreement.
By providing information to us, you represent and warrant that you are entitled to submit the information and that the information is accurate, not confidential, and not in violation of any contractual restrictions or other third party rights. It is your responsibility to keep your profile information accurate and updated.
SERVICE ELIGIBILITY
Here is their language about Privacy Policy
PERSONAL INFORMATION COLLECTED
When you register an account to become a RateStars user (“User”), we collect your name, e-mail, phone number, industry, title/role, and skills.
Regardless of registration, by visiting our Site, we may place cookies on your computer, collect your IP address, browser type, operating system and receive the URLs of site from which you arrive or leave the RateStars website.
When you import your contacts using Gmail, Yahoo, Hotmail, Microsoft Exchange or other email/contact services, we receive names and email addresses of your contacts. You can choose to delete these, or have us invite them to your network on Ratestars. We do not store any usernames or passwords that you choose to give us for 3rd-party contact services.
Registration to Ratestars requires logging in via either a LinkedIn or Facebook account. This is to verify your identity, as well as access your professional work history. We do not store any usernames or passwords when you login using either of these services, and operate using the API guidelines and rules set forth by these services.
By logging in via Facebook, you must install the RateStars Facebook application first. This gives us access to your friends list, your personal profile picture, email, and your work history.
By logging in via LinkedIn, we collect your name, work history, email address and profile pic.
USES OF PERSONAL INFORMATION
We use the information you provide to:
Enable you to share your information and communicate with other Users
Administer your account with us and customize the service we provide to you and other Users
Email you with updates on important account activity
Import or notify your contacts to interact with you
Share key milestones, such as an improvement in your Ranking, with your contacts & friends
Populate your profile with imported information such as picture, work history, name, location etc
Rank and compare you to other Users
Connect you to opportunities by enabling other professionals to find you
Use analytics software to see aggregate trends in how our Users use our Service
Enable you to send and receive ratings and manage your ranking
Allow search engines to find your ratings and reviews
WE DO NOT:
We do not sell, rent, or otherwise provide personally identifiable information to third parties without your consent except where it is necessary to carry out your instructions (to process your payment information, for example) or as required by law. We also provide you with the means to control whether or not your contact information is viewable to other Users through your profile.
YOUR INFORMATION CHOICES
You can:
Review, enhance or edit your personal information through your personal profile page;
Control what information you make available to search engines through your public profile;
Choose whether you wish to login using Facebook or LinkedIn;
Change your settings to control visibility and accessibility through our website;
Tell us to delete your account;
Change how we notify you via email by managing your account settings;
Change how we interact with your contacts & friends by managing your account settings;
Do not abuse the RateStars service by using it to spam, abuse, harass, or otherwise violate the User Agreement or Privacy Policy.
SECURITY
Personal information you provide will be secured in accordance with industry standards and technology. Although we will try our best, since the internet is not a 100% secure environment, we cannot ensure or warrant the security of any information you transmit to Us. There is no guarantee that information may not be accessed, copied, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to your email communications at all times.
HOW TO CONTACT US
If you have questions or comments please send them to us here or contact us at:
info@ratestars.com
Bad news!
FYI, I also reported to the US Government Computer Emergency Readiness Team. http://www.us-cert.gov/nav/report_phishing.html
Had the same problem – clicked on the link and “de-authorized” RateStars which in the web page said they are affiliated with LinkedIn and listed “Events” and other items – so not sure if they are affiliated with LinkedIn or just claiming that they are. In any event this is forcing many people to have to respond to those emails from contacts – and it’s embarrassing of course to hear that someone is sending emails under your signature without your permission, essentially begging for ratings.
If you’ve already fallen prey to this, what do you have to do to clean up the mess? I changed my LinkedIn password. I’m suspicious of using ratestars’ unsubscribe email since they are sending me yet another email link. Advice anyone? I know my LI contacts have been solicited already – argh!
This is a total disaster and LinkedIn are completely ignoring this situation! I have changed my password but who knows what else they did to prevent me from blocking them! Keep in mind that services such as Google Mail have ‘so called’ secret phrases and personal information ‘reminders’ to reset your password, if there is something like that in LinkedIn, and frankly I can’t remember if there was, I joined about four years ago, even if you reset your password they could use that to get it back! I would strongly recommend that you completely delete yourself from LinkedIn and stop using the service, it would send a message to other social networks that seem as unconcerned about your personal information being circulated!