
Scammers Impersonate Bank Exec on LinkedIn to Target Corporate Bank Accounts

Imagine you receive an e-mail from an unknown prince / political refugee – the classic Nigerian scam of the past 10 years. You wouldn’t fall for that, would you?

Imagine now a legit business proposal from a bank manager with all the credentials, work experience and peers. It’s not even disguised as a Nigerian operation – it’s a business proposition. And it’s on LinkedIn.

We got such a message from an individual impersonating Aziz Mohammad, a manager at a highly popular bank in Malaysia. A brief look at his profile revealed it was built using the visual identity and profile information of the real Aziz Mohammad, a third-degree connection.

The scam message is crafted generically, as it lays the ground for the con: a business proposal for people who have full control of the company, including the possibility to initiate money transfers. The contact information is, of course, an e-mail address that does not belong to the banking institution the impersonator claims to be affiliated with, but rather a disposable account set up with Yahoo.
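The mismatch described above, a contact address that does not belong to the institution the sender claims to represent, can be checked mechanically. The following Python sketch is an added example, not part of the original article; the domain examplebank.test, the sample message and the short free-webmail list are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed short list of free webmail domains; extend it for real use.
FREEMAIL = {"yahoo.com", "gmail.com", "outlook.com", "hotmail.com"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def classify(addr, org_domain):
    """Compare an address's domain with the organisation the sender claims."""
    domain = addr.rsplit("@", 1)[1].lower()
    org = org_domain.lower()
    # Exact match or true subdomain only, so look-alike suffixes do not pass.
    if domain == org or domain.endswith("." + org):
        return "claimed-org"
    if domain in FREEMAIL:
        return "freemail"
    return "other-domain"

def audit(raw_message, org_domain):
    """Classify every address in the routing headers and the body text."""
    msg = message_from_string(raw_message)
    found = {}
    for header in ("From", "Reply-To", "Return-Path"):
        for _name, addr in getaddresses(msg.get_all(header, [])):
            if "@" in addr:
                found[(header, addr.lower())] = classify(addr, org_domain)
    for addr in EMAIL_RE.findall(msg.get_payload()):
        found[("body", addr.lower())] = classify(addr, org_domain)
    return found

def is_suspicious(findings):
    # A From header is easy to forge, so one off-domain address is enough.
    return any(verdict != "claimed-org" for verdict in findings.values())

# Constructed sample: the display name claims a bank, replies go to webmail.
SAMPLE = """\
From: "A. Manager, Example Bank" <a.manager@examplebank.test>
Reply-To: a.manager.examplebank@yahoo.com
Subject: Business proposal

Please reply only to my private address a.manager.examplebank@yahoo.com.
"""

if __name__ == "__main__":
    for (where, addr), verdict in audit(SAMPLE, "examplebank.test").items():
        print(f"{where:12} {addr:40} {verdict}")
```

A "claimed-org" verdict on the From header alone proves nothing, since that header can be forged; the useful signal is any reply or contact address that falls outside the claimed domain.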

LinkedIn is not the only social network where the attacker tried to impersonate the real Aziz Mohammad. He also set up a fake Facebook profile with the same information, as well as a picture of “himself” which is actually – and ironically – a picture of State Secretary Colin Powell watermarked “AP Photo”. Why would a legit user go for a stock photo for a profile image instead of simply taking a shot of himself?

Shortly after receiving the scammy message, we tried to engage the attacker and play his game, but LinkedIn rapidly pulled the profile (and his message history) off.

Why are LinkedIn scams more appealing than conventional Nigerian scams?

First of all, they carry more weight than messages from an unknown individual. LinkedIn profiles are used by business people from around the world to find opportunities and get in touch with other people for business purposes. In short, people perceive LinkedIn as a trustworthy source: if a contact’s job is listed there, it must be real, right? No. LinkedIn does not validate the position or company a person claims to work in, like Facebook does, for instance.

Secondly, scams targeting businesses bring in much more money than small-time cons: a business can move more funds from one account to another without raising any red flag with the bank. A money mule, therefore, can be forwarded, say, a little under $10,000, which they then split into small chunks and send to the attackers via wire without raising suspicion. Regular accounts can only transfer well below $5,000 in one shot before they get blocked for suspicious activity, not to mention that few individuals have saved that much money. And to cyber-criminals this is the most important aspect: the most difficult part is finding the money mules, people who are employed via work-from-home scams to receive money in their accounts and then forward it via Western Union or MoneyGram. Money mules are key to the business, as they are the ones who launder the money for the cyber-criminals and also take the fall for the loss, so they can’t be reused for another con.

What’s to be done?

Don’t jump into a business opportunity directly, even if it appears to come from a highly regarded company or individual. If the conversation involves financial or personal information, call the company and ask for the person to discuss the matter via phone, or schedule a face-to-face meeting.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.


  • This tactic has been used for years. Penetration Testers use it as part of the social engineering phase of their client engagement. It’s been a very successful approach for gathering intelligence on a targeted group of individuals.

    • Not so successful, it seems, since this alleged pen-testing tactic has been flagged by LinkedIn themselves. If this is a scam, they’ve done it pretty well. If it’s a hacking attempt directed at a data security company, well, that’s at least embarrassing.

  • You didn’t tell us the end of the story. How did the game end? What business did you do with him, how much money did you receive… Give us some details.

    • The game was abruptly ended by LinkedIn, who suspended the guy’s account. We didn’t have the time to “do business” with this fellow.

  • The first thing to look at when engaging a businessman or a company is that the representative is using the COMPANY EMAIL. If it is Yahoo Mail, for sure that ain’t legit!

    • I sent him a mail at this e-mail address yesterday, but no answer yet, so it is possible that the e-mail is not used any more.

  • I got that exact same message a few days ago. I’ve been in contact with him… even though I’m still asking him some questions (about who he is, why he chose me, what kind of ‘business proposal’ he is making, etc.). Below is the reply… hopefully this can give you all additional information regarding this matter. After I saw this article, I decided not to continue it.


    Hello Dear Fridatari ,

    I am Mr Aziz Mohammad the manager of bills and exchange at the foreign remittance department of Standard Chartered Bank here in Malaysia. I have a business proposal which I believe that will be a very good opportunity for both of us so I decided to contact you on this business opportunity in our bank, the business is this I discovered an abandoned sum of ($10,123.000.00 USD) Ten million one hundred and twenty three thousand United States Dollars) in our safety deposit vault that belongs to one of our foreign customer ( Eng Bayu Sakti Rahmayati ) who died along with his entire family on 11th March 2004 in a ghastly train explosion in Atocha, Madrid-Spain,

    Since we got information about his death, we have been expecting his next of kin to come over and claim his money because the management cannot release it unless somebody applies for it as next of kin to the deceased as indicated in our banking guidelines but unfortunately I learn that all his family died alongside with him at the train explosion leaving nobody behind for the claim.

    Since you have the same surname with this deceased customer you can easily make this deal with me without any problem, I have and will give you the entire secret information’s of this deposit which will help you to claim this money as the true next of kin. It is therefore upon this discovery that I decided to make this business proposal to you so that the bank will release the fund to you as the next of kin to the deceased since nobody is coming for it and I don´t want this money to go into the banks treasury as unclaimed or declared to the government of Malaysia, because once this is done, the government will confiscate the funds, which is not good for both of us, instead it´s better for us to do this deal and map out something for charity from the money and as well share the rest. I agreed that 50% of this money will be for you as my foreign partner and in respect to your acceptance to do this business with me, while 50% would be for me and my family,

    Therefore to enable the immediate transfer of this fund to your account as I will arrange, you must apply first to the bank as the next of kin of the deceased indicating your interest of claim of your inherited funds, upon receipt of your reply through my email, I will send to you the text of the application which you will send to the bank, I will not fail to bring to your notice that this transaction is a hitch free that you should not entertain any atom of fear as all required arrangements will be made perfectly. At this moment you should feel free to contact me through email as soon as you receive this letter, You should understand that this should be kept very confidential, let it be between you and me only,This is the only way we can achieve success,I will also level the whole arrangement here in the bank for the transfer to be approved immediately,

    Please send to me via email your full name,house address with your direct phone and fax number immediately,for easy and safe communication, I will contact you to explain more concerning this business as soon as I receive your full contact information’s. please feel free to call me through my private phone number ( +601-2963-1647 )

    Best regards,
    Mr Aziz Mohammad


    And below is the question that I asked him:


    From: Fridatari Rahmayati
    To: “”
    Sent: Friday, May 10, 2013 11:28 PM
    Subject: the business proposal from Linkedin

    Dear Mr. Aziz Mohammad,

    Thank you for the kind words in your message towards my Linkedin account. But, i want to asked a bit further regarding your message.

    for me, your message is like a business proposal. what kind of this ‘business proposal’ that you offered to me? the second thing is…. why me? it was weird because this is the first time we get in contact and yet, you offered this business proposal.

    if you don’t mind, how can you get my address? i mean… my linkedin account. if you don’t mind me asked you again… what branch your office is (the standard chartered bank)? thank you for your time.

    Best Regards,


    Sent from my iPad


    That’s all. Hopefully, this information can help you all avoid this kind of scam.


    • Hello there. I received the same type of email as you did. In my case it is a woman representing a financial institution in Ireland (Allied Irish Bank PLC). I am lucky to have searched the web about these cases. I could never imagine the scammers could go through LinkedIn. Damn! They are really good.

      • Have some fun, make a new email address with different name, get a vpn, invent a person living in the country to match with vpn ip, invent excuses for not giving id/passport scan, have fun :)

  • Long story short: after more than 20 mails exchanged… it can be reduced to this:
    now I have to call him… but I won’t buy a SIM for this, so… the story is kinda over. If he accepts to continue the email exchange… I presume the next step is to give me his account to send him money; if so, I’ll be back here with an update.
    ” If this is a scam, they’ve done it pretty well. ”

    I don’t know if the person(s) who send these emails write them, but the one who writes and makes the scenario for this scam is… good, very good.
    He asks me to send my personal data to another email (bank email), the answering e-mail was with original bank headers (sent via Gmail SMTP, but… who checks that :)) ), he doesn’t get involved in personal talk, etc.

    • update:
      ~40 emails exchanged
      i received: written will, death certificate, deposit certificate
      now i just have to complete this form to receive the money:

    • Update: almost the end of story: +50 email exchanged

      […]Meanwhile you are going to send the sum of US$1,500 […]Use below names to send the US$1,500[…] through western union money transfer for easy and fast pick up.

      First Name : *****
      Family Name : *****
      Address : ***** Malaysia

      Don`t forget to send the payment information`s as you make the payment, The sender name and address with MTCN.

    • final update, end of story: i got all the data
      NAME : *****
      BANK NAME : *****
      ACCOUNT NUMBER : *****
      BANK ADDRESS : *****
      SWITF CODE : *****

      Case close.

      • Dear Virii,

        I just want to know: in the end, did you get a money transfer from this Aziz Mohammed or not after you sent him the amount of money?



  • I received a similar scam via linkedin, impersonating a decorated army officer: Sergeant Monica Lin Brown. I have started to follow up the messages and let’s see where this one goes.

  • Hello, I have received a similar scam via LinkedIn. His name is Dominick Evince from Malaysia. Same stories. But I told him that he should stop this nonsense and immediately he went off. So funny. Very ridiculous.

  • Same here.
    Received a message today from Lloyds Bank Non executive Director Sara Weller apparently asking me to contact her on the email she provided me as she has a business proposal for me.

    I play her game to see where it leads. Already found the real profile of Sara Weller… creepy.

  • I just got approached on LinkedIn by a different person, similar email. Asked me to email him about a proposal. Then I got an email from the same email address listed on the profile but with a different name.

    Linkedin Profile: Dr. Kurt Cambell

    I have already reported to Linkedin.

  • I received a similar email, but this time the deceased’s name was Eng Bayu Sakti Atbooki, and the sender was Mr. Dominick Evance, who asked me to contact Dr. Chew Boon Keong, the contact person in the Foreign and International Remittance Department, Standard Chartered Bank Malaysia.