LinkedIn Spam: “black girl” Birthday on OS X Calendar

When I looked at my calendar yesterday, I noticed that it had a birthday listed for someone called "black girl":

I never added anyone to my OS X Contacts.app with the name "black girl", so I was puzzled as to where that was coming from and how it got on the calendar.

I opened the card for that contact in Contacts.app, here's what I saw:

Again, I never added this card. I have no idea who this person is and I don't recognize the face nor the websites listed on the card. In fact, this looked a lot like spam. But how did it get there?

A day went by and I had forgotten about this strange contact until it popped up on the calendar as being her birthday. Wait, wasn't "black girl's" birthday yesterday? Why does it say her birthday is today?

The spammer was updating the birthday every day so that it would continuously show up on my calendar!

That's when I realized this was definitely spam and decided it was time to dig a little deeper.

How did "black girl" get on my calendar?

Looking at the avatar in the Contacts card, I noticed a little LinkedIn icon. Ah, so this got added to my contacts through LinkedIn, which I have connected in System Preferences → Internet Accounts.

But wait, wouldn't that mean that I'd need to be connected to "black girl" on LinkedIn? I don't recall ever accepting an invitation from such a person on LinkedIn, but let's find out.

I logged into LinkedIn and searched for "black girl". Sure enough, I'm connected to her:

She has 500+ connections, which tells me lots of other people are being affected by this spam.

Mac OS X automatically puts the birthdays of my contacts on the calendar, so when my LinkedIn contacts were pulled into the Contacts.app, the birthday for "black girl" was added to my calendar.

The spammer simply updates the birthday listed on LinkedIn each day so that it looks like it's always "black girl's" birthday. That leads people to open the Contacts card and see the websites listed there, which leads people to visiting those websites (the goal of the spammer). Sneaky!

But is this really a spammer?

I wouldn't be writing this unless I was fairly certain this was a spammer. Looking at all the clues makes it obvious.

Besides the lack of a real name on the LinkedIn Profile, there's also this entry under the Experience section:

The position is listed as "skincare blog" but the description says "writer and editor at car2future.com automotive blog".

Additionally, if you view the WHOIS information for all the domains listed (www.car2future.info, www.bimtri.com, and newhotelus.com), you'll find they're all registered to someone in Indonesia:

But the most telling of all? The simple fact that someone is intentionally changing the birthday of "black girl" on LinkedIn every day. Why would someone do that except to spam?

How to block "black girl" and remove the card from Contacts.app

Since the Contacts card is coming from the LinkedIn connection, you need to first block that contact on LinkedIn. I recommend reporting the account first and then blocking it.

Once you've blocked the account, you can refresh your Contacts app in OS X by visiting System Preferences → Internet Accounts, selecting your LinkedIn account, and then unchecking Contacts and choosing "Delete from Mac".

Then, you can check the Contacts box again and OS X will re-download your LinkedIn contacts, minus the now-blocked "black girl" account.

If you're not using Mac OS X but you have your LinkedIn account connected to a computer or even your mobile phone, you'll want to report and block the "black girl" account and then disconnect and reconnect your LinkedIn account on whatever devices you have it connected to.