New LinkedIn Phishing Scam: The Comment-Reply Tactic

Summary
– Scammers are posting fake comments on LinkedIn that impersonate the platform, falsely warning users of policy violations and urging them to click external links.
– These phishing attempts use convincing LinkedIn branding and sometimes the platform’s own URL shortener (lnkd.in) to mask malicious links.
– Clicking the links leads users through a multi-step process on fake websites designed to harvest their login credentials.
– The scam is being carried out by fake “Company” pages on LinkedIn that use variations of the platform’s name and logo.
– LinkedIn confirms it is aware of the campaign and emphasizes it never communicates policy violations through public comments, advising users to report such activity.
A new and sophisticated phishing campaign is actively targeting LinkedIn users, employing a deceptive comment-reply tactic to steal login credentials. This scam involves fake comments, designed to look like official platform notifications, which are being posted directly on users’ content. The messages falsely alert recipients to policy violations and account restrictions, pressuring them to click on malicious links. Security experts warn that these fraudulent comments can appear highly convincing, sometimes even leveraging LinkedIn’s own URL shortener to mask dangerous phishing domains.
The fraudulent comments impersonate LinkedIn’s branding, complete with the company’s logo and authoritative language. They typically claim the user’s account access is “temporarily restricted” due to unspecified compliance issues. To regain access, the message instructs the individual to click a provided link for verification. The danger escalates when scammers use LinkedIn’s legitimate `lnkd.in` URL shortener, making it exceedingly difficult to identify the malicious destination before clicking.
One observed phishing site, hosted on a suspicious `.app` domain, presents a fabricated LinkedIn-themed page that elaborates on the fake restriction. It then prompts the user to click a “Verify your identity” button. This action redirects the victim to a second, credential-harvesting site designed to capture usernames and passwords. The entire process is crafted to create a false sense of urgency and legitimacy, tricking users into voluntarily surrendering their sensitive information.
These malicious replies are not coming from individual profiles alone. Scammers are also creating fake LinkedIn Company pages, using names like “Linked Very” alongside the platform’s official logo to bolster their disguise. These pages are used to post the phishing comments, adding another layer of apparent authenticity to the scam. While LinkedIn has taken down some of these impersonating pages, new ones can quickly appear.
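The two signals described above, a fake "restricted account" notice and a `lnkd.in` link that resolves off-platform, can be checked before anyone clicks. The following is an added defender-side example, not code from the original article or from LinkedIn: the redirect map, the `.app` host and the short-link codes are constructed stand-ins for a live lookup of the shortener's redirect target.

```python
from urllib.parse import urlparse

# Constructed stand-in for following the shortener: a live checker would send a
# HEAD request with redirects disabled and read the Location header per hop.
REDIRECTS = {
    "https://lnkd.in/eXAMPLE1": "https://linkedin-policy-review.app/restricted",  # constructed
    "https://lnkd.in/eXAMPLE2": "https://www.linkedin.com/help/linkedin",         # constructed
}

LINKEDIN_HOSTS = ("linkedin.com", "lnkd.in")
# Wording the fake notices use, as reported in the article
RESTRICTION_PHRASES = ("temporarily restricted", "policy violation",
                       "compliance", "verify your identity")


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def is_linkedin_host(host):
    return any(host == h or host.endswith("." + h) for h in LINKEDIN_HOSTS)


def resolve_chain(url, redirects=REDIRECTS, max_hops=5):
    """Follow the shortener/redirect chain and return every hop, first to last."""
    hops = [url]
    while hops[-1] in redirects and len(hops) <= max_hops:
        hops.append(redirects[hops[-1]])
    return hops


def assess_comment(text, url, redirects=REDIRECTS):
    """Rate a comment and its link: 'ok', 'suspicious' or 'phishing-likely'."""
    reasons = []
    if any(p in text.lower() for p in RESTRICTION_PHRASES):
        reasons.append("restriction/verification wording")
    hops = resolve_chain(url, redirects)
    final_host = host_of(hops[-1])
    off_platform = not is_linkedin_host(final_host)
    if off_platform and host_of(url) == "lnkd.in":
        reasons.append(f"lnkd.in shortener masks external host {final_host}")
    elif off_platform:
        reasons.append(f"link leaves LinkedIn for {final_host}")
    if off_platform and "linked" in final_host:
        reasons.append("brand lookalike hostname")   # cf. the 'Linked Very' pages
    verdict = "ok" if not reasons else (
        "phishing-likely" if off_platform and len(reasons) > 1 else "suspicious")
    return {"verdict": verdict, "reasons": reasons, "hops": hops,
            "final_host": final_host}
```

A real deployment would replace `REDIRECTS` with a rate-limited HEAD-request resolver and feed the verdict into the report-to-LinkedIn workflow rather than blocking on its own.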
A LinkedIn spokesperson confirmed awareness of this ongoing campaign, emphasizing that the company never communicates policy violations through public comments. Users are encouraged to report any suspicious behavior directly through the platform’s reporting tools. This latest scheme mirrors tactics seen on other social networks, where impostor accounts reply to public posts pretending to be customer support from major brands.
To protect yourself, always be skeptical of unsolicited messages or comments claiming your account is in jeopardy. Never click on links or provide login details based on a public comment or reply. Instead, navigate directly to LinkedIn’s official website or app through your browser or bookmarks to check your account status. If you encounter one of these phishing attempts, report the comment and the profile that posted it immediately to help LinkedIn’s security teams take action.
(Source: Bleeping Computer)


