If you receive a warning on a LinkedIn post that your account has been restricted, don’t engage with it. Scammers are using LinkedIn branding in official-looking “reply” comments to spread phishing links intended to harvest users’ login credentials.
As reported by BleepingComputer, this impersonation campaign relies on fake company pages and LinkedIn’s official link shortener to trick users into “verifying” their identities on a domain run by threat actors. Here’s what to look for.
Scammers are replying to posts on LinkedIn with messages claiming that users have in some way violated the platform’s policies. The comments include a link, which users are urged to click to prevent their accounts from being further restricted or suspended.
In some cases, the link’s preview text states “We take steps to protect your account when we detect signs of potential unauthorized access. This may include logins from unfamiliar locations or…” which may convince users to overlook the link itself, which clearly does not lead to a page on a valid LinkedIn domain. In others, the scammers have further masked the phishing site using LinkedIn’s official URL shortener, lnkd.in, which is even less likely to raise suspicion, especially if the link preview doesn’t generate on certain devices.
If you click through the link, you’ll land on a phishing page that uses LinkedIn branding and contains more information about the supposed account restriction with a button to “Verify your identity.” That leads to another page that closely spoofs LinkedIn’s standard sign-in interface and is designed to steal your credentials.
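The two tells described above, a hostname that is not on a real LinkedIn domain and a lnkd.in shortener that hides the destination, are easy to turn into a triage check. The Python script below is an added example, not code from the original report or from LinkedIn; the comment texts, the `.example` hostnames and the lnkd.in path in it are constructed samples, and the rule that only `linkedin.com` (and its subdomains) counts as a genuine LinkedIn host is an assumption made for the example. It also handles two lookalike tricks that a plain substring check misses: a brand name stuffed into the userinfo part of the URL (`linkedin.com@other-host`) and a brand name used as a leading subdomain of an unrelated domain.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: only linkedin.com and its subdomains are treated as
# genuine; lnkd.in is LinkedIn's shortener (named in the article) and hides the
# real destination, so links through it are flagged for expansion rather than trusted.
LINKEDIN_DOMAINS = {"linkedin.com"}
SHORTENER_DOMAINS = {"lnkd.in"}

# Simple URL extractor for comment text; trailing punctuation is stripped afterwards.
URL_RE = re.compile(r"""(?:https?://|www\.)[^\s<>"'()]+""")


def _is_host_under(hostname, domain):
    """True if hostname equals domain or is a subdomain of it (suffix match on a label boundary)."""
    return hostname == domain or hostname.endswith("." + domain)


def classify_link(url):
    """Classify a link that appears in a comment claiming to come from LinkedIn.

    Returns one of: 'linkedin', 'shortened', 'suspicious', 'lookalike', 'external', 'invalid'.
    """
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").rstrip(".")  # .hostname is already lowercased
    if not host:
        return "invalid"
    if parts.username is not None:
        # 'https://linkedin.com@other-host/...' puts the brand in the userinfo part;
        # the browser actually connects to other-host.
        return "suspicious"
    if any(_is_host_under(host, d) for d in LINKEDIN_DOMAINS):
        return "linkedin"
    if any(_is_host_under(host, d) for d in SHORTENER_DOMAINS):
        # Destination is hidden behind the shortener; expand it out-of-band before trusting it.
        return "shortened"
    if "linkedin" in host:
        # e.g. linkedin.com.verify-user.example: brand used as a leading label of another domain.
        return "lookalike"
    return "external"


def extract_urls(text):
    """Pull candidate URLs out of free-form comment text."""
    return [m.group(0).rstrip(".,;:!?") for m in URL_RE.finditer(text)]


def triage_comments(comments):
    """Return (comment_id, url, verdict) for every link that is not on a genuine LinkedIn host."""
    flagged = []
    for comment in comments:
        for url in extract_urls(comment["text"]):
            verdict = classify_link(url)
            if verdict != "linkedin":
                flagged.append((comment["id"], url, verdict))
    return flagged


# Constructed sample comments modelled on the campaign described in the article.
SAMPLE_COMMENTS = [
    {"id": 1, "text": "Your account has been restricted. Verify here: https://lnkd.in/c0nstructed-id"},
    {"id": 2, "text": "Immediate action required: https://linkedin-account-review.example/verify"},
    {"id": 3, "text": "Sign in to appeal: https://linkedin.com@login.example/appeal"},
    {"id": 4, "text": "Policy update: https://www.linkedin.com/help/linkedin"},
    {"id": 5, "text": "See https://linkedin.com.verify-user.example/restricted, act now."},
]

if __name__ == "__main__":
    for comment_id, url, verdict in triage_comments(SAMPLE_COMMENTS):
        print(f"comment {comment_id}: {verdict:10s} {url}")
```

Running it flags comments 1, 2, 3 and 5 and leaves comment 4 alone, which is the point: the only link that survives is the one whose hostname is actually under `linkedin.com`. A shortened link is reported rather than followed, because the shortener is exactly what the campaign uses to keep the real domain out of sight.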
The reply comments themselves utilize LinkedIn’s logo and branding and are connected to company pages with variations on the platform’s name—“Linked Very,” for example. These are obviously fake at first glance, as they don’t have any of the robust content (such as posts, employees, or followers) you’d expect from the real LinkedIn. But users could feasibly follow the phishing link without further investigation into the commenter.
As always, any urgent message or comment about your account security or status, no matter how official-sounding, should raise red flags. A second look at these replies makes it clear that they are not from the real LinkedIn, which won’t send communication about account or policy violations in a public manner nor urge you to click links in comments or private messages.
