LinkedIn/’RateStars’ Phishing Scam

LinkedIn members are receiving requests for ‘rating’ for connections that begin with ‘…needs your help.’ During the response process, the sender phishes for log-in information, and even if you terminate the exchange there, as I did, they receive and utilize the rating information, sending it to the ostensible requester. Some of you have received ‘requests’ ostensibly from me, and likely from others, requesting this ‘rating’ or endorsement. I have sent out no such requests–It’s a scam, the originator unknown. I have attempted to notify LinkedIn.

This entry was posted in Uncategorized and tagged . Bookmark the permalink.

19 Responses to LinkedIn/’RateStars’ Phishing Scam

  1. Thanks for your post. FYI, I have notified LinkedIn’s Fraud/Privacy team.

    • Julie K says:

      Hi, I have notified LindedIn, too. this is very disturbing.

    • Judy A says:

      I’ve done the same, and in reply received a canned response from LinkedIn to change my password. They marked the case “closed.” The following is the response I left:
      ——————
      Forgive me, but this was a non-solution to the problem I alerted Linkedin about. Here’s why:

      1) Linkedin failed to detect unauthorized access to my account. *I* detected it and alerted LinkedIn.

      2) LinkedIn’s sole solution was that I change my password. Since I previously had a password, how has the security of my account changed or improved?

      3) I learned (on my own) that the RateStars phishing scam was well documented. LinkedIn users before me (and now, my contacts) have had it happen to them, and had already alerted LinkedIn about it. LinkedIn’s complete failure to notify their loyal account holders is directly responsible for the continuing spread of this scam and the resulting inconvenience to members.

      4) Both the LinkedIn Twitter feed and the website itself are prime locations to actively alert members about this scam — IF LinkedIn was interested in preventing security breaches of its members. I contacted both and was surprised to receive no direct acknowledgement of the subject. This site supplied a canned response to change my password. The Twitter feed (whose sole purpose is agile communication) ignored every message: It has continued to tweet cheerful, general news items. A simple alert to LinkedIn members could have prevented the majority of my contacts from being similarly hacked, since they simply did not understand the danger of responding to RateStar’s legit-appearing e-mail. Its perceived legitimacy is directly related to the fact that it comes from a secure LinkedIn member.

      5) I and other LinkedIn members are attempting to pass on this information to fellow members, since LinkedIn is utterly failing to do so. Our attempts are far less effective than an alert to all member directly from LinkedIn.

      6) All of the above has left me and fellow LinkedIn users with the impression that there is simply a complete lack of customer service on LinkedIn.

  2. Lisa B says:

    Hi Frank, I have notified LInkedIm too, and just received a canned reply. I don’t understand why they don’t take action; their site has their logo all over it and LI members are getting pretty annoyed. I also reported it to Phishtank.com but they would not validate it. If anyone has a moment, please report it to Phishtank as well? Thanks!

  3. Joop deBruin says:

    It is a Chinese group that is looking to gain access to valuable personal information.

  4. JB says:

    Thanks for this! I received one today. It actually looked very legit – much more professional than most spam/scam emails. For some reason, though – I guess maybe because I hadn’t heard of ratestars – I decided to look them up before going forward. I didn’t click a single thing in the email, thankfully. Your post saved me!

  5. NK says:

    +1 with JB — I’m thankful I had the common sense to look it up before going through with it. Thanks for posting about this! It’s a shame LinkedIn isn’t more responsive, especially in light of the recent hack.

  6. JPNicols says:

    Reblogged this on JP Nicols and commented:
    I received one of these today, and something just didn’t feel right, so I did a little digging.
    FYI.

  7. djs says:

    I also received one of these today and my alarm bells rang when the message began with ‘needs my help’ from someone I do not know. I agree with NK’s comment about LinkedIn’s responsiveness and monitoring procedure.

  8. observer2000 says:

    I went to the RateStar web site. They have some very interesting language about how they can use the info for anything they want. But you can unsubscribe which I just did so we will see if it works. I helped a friend and rated him, it used my LinkedIn account and email. Then it started sending emails to eveyrone in my LinkedIN contacts. So that is not legal etc but they try to act like they are legit if you go their web site.

    Here is some language about the term of service
    You agree that by registering on Ratestars, or by using any of our Services, including our mobile applications, Facebook application, plug-ins, or other information provided as part of the RateStar services (collectively “Ratestars” or the “Services”), you are entering into a legally binding agreement with RateStars (“we,” “us,” “our,” and “RateStars”) based on the terms of this User Agreement and Privacy Policy, which is hereby incorporated by reference (collectively referred to as the “Agreement”).

    By visiting our website or using any of our Services, you acknowledge that you have read and understood the terms and conditions of this Agreement and that you agree to be bound by all of its provisions.

    APPLICABLE LAWS AND THIS AGREEMENT

    You must comply with all applicable laws, the Agreement, as may be amended from time to time with or without advance notice, and the policies and processes explained in the following sections:

    DOs and DON’Ts

    You own the information you provide RateStars under this Agreement, and may request its deletion at any time, unless you have shared information or content with others and they have not deleted it, or it was copied or stored by other users. Additionally, you grant Ratestars a nonexclusive, irrevocable, worldwide, perpetual, unlimited, assignable, sub-licenseable, fully paid up and royalty-free right to us to copy, prepare derivative works of, improve, distribute, publish, remove, retain, add, process, analyze, use and commercialize, in any way now known or in the future discovered, any information you provide, directly or indirectly to RateStars, including, but not limited to, any user generated content, ideas, concepts, techniques or data to the services, you submit to RateStars, without any further consent, notice and/or compensation to you or to any third parties. Any information you submit to us is at your own risk of loss as noted in Sections 2 and 3 of this Agreement.

    By providing information to us, you represent and warrant that you are entitled to submit the information and that the information is accurate, not confidential, and not in violation of any contractual restrictions or other third party rights. It is your responsibility to keep your profile information accurate and updated.

    SERVICE ELIGIBILITY

    Here is their language about Privacy Policy
    PERSONAL INFORMATION COLLECTED

    When you register an account to become a RateStars user (“User”), we collect your name, e-mail, phone number, industry, title/role, and skills.
    Regardless of registration, by visiting our Site, we may place cookies on your computer, collect your IP address, browser type, operating system and receive the URLs of site from which you arrive or leave the RateStars website.
    When you import your contacts using Gmail, Yahoo, Hotmail, Microsoft Exchange or other email/contact services, we receive names and email addresses of your contacts. You can choose to delete these, or have us invite them to your network on Ratestars. We do not store any usernames or passwords that you choose to give us for 3rd-party contact services.
    Registration to Ratestars requires logging in via either a LinkedIn or Facebook account. This is to verify your identity, as well as access your professional work history. We do not store any usernames or passwords when you login using either of these services, and operate using the API guidelines and rules set forth by these services.
    By logging in via Facebook, you must install the RateStars Facebook application first. This gives us access to your friends list, your personal profile picture, email, and your work history.
    By logging in via LinkedIn, we collect your name, work history, email address and profile pic.

    USES OF PERSONAL INFORMATION

    We use the information you provide to:

    Enable you to share your information and communicate with other Users
    Administer your account with us and customize the service we provide to you and other Users
    Email you with updates on important account activity
    Import or notify your contacts to interact with you
    Share key milestones, such as an improvement in your Ranking, with your contacts & friends
    Populate your profile with imported information such as picture, work history, name, location etc
    Rank and compare you to other Users
    Connect you to opportunities by enabling other professionals to find you
    Use analytics software to see aggregate trends in how our Users use our Service
    Enable you to send and receive ratings and manage your ranking
    Allow search engines to find your ratings and reviews

    WE DO NOT:

    We do not sell, rent, or otherwise provide personally identifiable information to third parties without your consent except where it is necessary to carry out your instructions (to process your payment information, for example) or as required by law. We also provide you with the means to control whether or not your contact information is viewable to other Users through your profile.

    YOUR INFORMATION CHOICES

    You can:

    Review, enhance or edit your personal information through your personal profile page;
    Control what information you make available to search engines through your public profile;
    Choose whether you wish to login using Facebook or LinkedIn;
    Change your settings to control visibility and accessibility through our website;
    Tell us to delete your account;
    Change how we notify you via email by managing your account settings;
    Change how we interact with your contacts & friends by managing your account settings;
    Do not abuse the RateStars service by using it to spam, abuse, harass, or otherwise violate the User Agreement or Privacy Policy.

    SECURITY

    Personal information you provide will be secured in accordance with industry standards and technology. Although we will try our best, since the internet is not a 100% secure environment, we cannot ensure or warrant the security of any information you transmit to Us. There is no guarantee that information may not be accessed, copied, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to your email communications at all times.
    HOW TO CONTACT US
    If you have questions or comments please send them to us here or contact us at:
    info@ratestars.com

    Bad news!

  9. FYi, I also reported to the US Government Computer Emergency Readiness Team. http://www.us-cert.gov/nav/report_phishing.html

  10. Pingback: Digital Forensics, Inc. LinkedIn/’RateStars’ Phishing Scam | Digital Forensics, Inc.

  11. M T says:

    Had the same problem – clicked on the link and “de-authorized” RateStars which in the web page said they are affiliated with LinkedIn and listed “Events” and other items – so not sure if they are affiliated with LinkedIn or just claiming that they are. In any event this is forcing many people to have to respond to those emails from contacts – and it’s embarrassing of course to hear that someone is sending emails under your signature without your permission, essentially begging for ratings.

  12. Julie A Texas says:

    If you’ve already fell prey to this, what to you have to do to clean up the mess? I changed my LinkedIn password. I’m suspicious of using ratestars’ unsubscribe email since they are sending me yet another email link. Advice anyone? I know my LI contacts have been solicited already – arh!

  13. Pingback: Look Out for LinkedIn Phishing Scam : Internet Advisor

  14. Dave Gallop says:

    This is a total disaster and LinkedIn are completely ignoring this situation! I have changed my password but who knows what else they did to prevent me from blocking them! Keep in mind that services such as Google Mail have ‘so called’ secret phrases and personal information ‘reminders’ to reset your password, if there is something like that in LinkedIn, and frankly I can’t remember if there was, I joined about four years ago, even if you reset your password they could use that to get it back! I would strongly recommend that you completely delete yourself from LinkedIn and stop using the service, it would send a message to other social networks that seem as unconcerned about your personal information being circulated!

  15. This is certainly the fourth posting, of urs I browsed.
    Yet I personally enjoy this specific 1, “LinkedIn/RateStars Phishing Scam | neurogram” the very best.
    Take care ,Joie

  16. I tend to agree with all the things that ended up being authored within “LinkedIn/RateStars Phishing Scam | neurogram”.
    Thank you for all of the actual advice.Thanks for the post,Coral

  17. It seems like u really know very much related to this subject
    and it all shows with this blog, called “LinkedIn/RateStars Phishing Scam | neurogram”.
    Thanks a lot ,Sang

Leave a comment