A New Front in Cybercrime: Phishing Attacks on LinkedIn

Cybercriminals have traditionally used email messages to carry out phishing attacks designed to steal personal and business information or install malware on victims’ devices. Attackers are now expanding their reach by using other channels to trick victims. A surge in phishing attacks on LinkedIn has made headlines in the cybersecurity press. The professional networking and career development platform has more than 1.2 billion registered users worldwide.

Beyond its large user base, LinkedIn gives scammers a channel that most email-focused defenses never inspect, and one where unsolicited contact from strangers is the norm rather than a warning sign.

Employees may be especially vulnerable on LinkedIn because they’re operating in a space where:

  • Messages often come from unfamiliar people
  • Professional outreach is expected
  • Contacts are assumed to be legitimate

Below, we’ll explore how LinkedIn phishing attacks work, why they’re increasing, and what businesses can do to reduce risk.

What Are Phishing Attacks?

Phishing is a criminal tactic that attempts to pass off a fake message as authentic with the intention of tricking the user into performing a specific action.

Common phishing tactics include:

  • Fake invoices
  • Password reset requests
  • Security alerts or policy violation notices

These messages usually push the user to click a link or open a file.

A phishing attack redirects the victim to a webpage or application that performs a malicious task, such as requesting the victim’s login credentials or installing malware.

What Do These LinkedIn Phishing Attacks Look Like?

Two types of phishing attacks on LinkedIn have been publicly reported. Be aware that phishing attempts through non-email channels often go unnoticed and unreported, so it’s likely that criminals have developed other schemes beyond these two.

1. Look‑Alike Domain Attacks

The first type of attack pairs LinkedIn's own URL shortener with a look-alike domain. Here's how the scheme typically operates. A comment reply appears under a user's post, claiming to come from LinkedIn. The message states that the user's account has violated one of LinkedIn's policies and includes a link that the recipient can click for more information about the violation. The link is an lnkd.in short link, so the visible URL is a genuine LinkedIn address; the shortener hides the true destination, a page on a domain chosen to resemble LinkedIn's.

At a casual glance, the link looks legitimate, and the policy-violation framing adds urgency. When the user clicks it, the redirect lands on a page built to look exactly like LinkedIn's login screen. Anyone who enters their LinkedIn credentials there hands them to the scammer, who can then hijack the account and run further scams from a trusted profile. Two red flags are worth teaching: an official notice would arrive through LinkedIn's own notifications, not as a comment reply from another member's account, and a short link should be expanded and its final host checked before any credentials are entered.
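A practical version of that check, as an added example that is not code from the original article: expand the short link one redirect hop at a time, without loading the final page in a browser, and compare the final host against LinkedIn's real domains. The redirect chain and the host name linkedin-policy-review.example are constructed for the demo, and the LINKEDIN_HOSTS allowlist is an assumption you should confirm against LinkedIn's own domain list.

```python
"""Expand a short link by hand and check where it really goes.

Added example, not code from the original article.  The redirect table in
_DEMO_REDIRECTS is constructed for the demo; the host
linkedin-policy-review.example is a hypothetical look-alike domain.
"""
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Optional
from urllib.parse import urljoin, urlsplit

# Assumed allowlist of domains that genuinely belong to LinkedIn.
LINKEDIN_HOSTS = {"linkedin.com", "lnkd.in", "licdn.com"}
MAX_HOPS = 10

FetchLocation = Callable[[str], Optional[str]]


def is_linkedin_host(host: str) -> bool:
    """True only for the listed domains and their subdomains, so that
    'linkedin.com.evil.example' or 'linkedin-policy.example' do not pass."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in LINKEDIN_HOSTS)


def expand(url: str, fetch_location: FetchLocation) -> List[str]:
    """Follow redirects one hop at a time, recording every URL on the way.

    fetch_location(url) must return the target of a redirect, or None when
    the response is not a redirect (the final page has been reached).
    """
    chain = [url]
    for _ in range(MAX_HOPS):
        nxt = fetch_location(chain[-1])
        if nxt is None:
            return chain
        chain.append(urljoin(chain[-1], nxt))  # Location may be relative
    raise ValueError("redirect loop or too many hops: %r" % chain)


def classify(url: str, fetch_location: FetchLocation) -> Dict[str, object]:
    """Expand the link and report whether the final host is LinkedIn and,
    if not, whether it is a look-alike that borrows the brand name."""
    chain = expand(url, fetch_location)
    final_host = urlsplit(chain[-1]).hostname or ""
    legitimate = is_linkedin_host(final_host)
    look_alike = (not legitimate) and "linkedin" in final_host.lower()
    return {"chain": chain, "final_host": final_host,
            "legitimate": legitimate, "look_alike": look_alike}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib raise on 3xx instead of silently following it."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def live_fetch_location(url: str, timeout: float = 10.0) -> Optional[str]:
    """Network version for real use: one HEAD request, redirects not followed."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        opener.open(req, timeout=timeout).close()
        return None  # 2xx: this is the final page
    except urllib.error.HTTPError as e:
        if 300 <= e.code < 400:
            return e.headers.get("Location")
        raise


# Constructed redirect table standing in for live_fetch_location in the demo.
_DEMO_REDIRECTS = {
    "https://lnkd.in/gPolicy1": "https://t.example/r?id=77",
    "https://t.example/r?id=77": "https://linkedin-policy-review.example/login",
    "https://lnkd.in/gOkPost": "https://www.linkedin.com/posts/someone_activity-1",
}


def demo_fetch_location(url: str) -> Optional[str]:
    return _DEMO_REDIRECTS.get(url)


if __name__ == "__main__":
    for link in ("https://lnkd.in/gPolicy1", "https://lnkd.in/gOkPost"):
        r = classify(link, demo_fetch_location)
        verdict = "OK" if r["legitimate"] else ("LOOK-ALIKE" if r["look_alike"] else "NOT LINKEDIN")
        print(link, "->", r["final_host"], verdict)
```

To run it against a real link, pass live_fetch_location instead of demo_fetch_location; it only issues HEAD requests and stops at the first non-redirect response, so the cloned login page is never rendered. The suffix match in is_linkedin_host is deliberate: a plain substring test would accept linkedin.com.evil.example.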

2. Compromised Executive Account Attacks

The second type of attack is more sophisticated and potentially more harmful. These attacks have targeted business executives in financial services, tech, and other industries.

In these attacks, the scammers use a real but compromised LinkedIn account belonging to a business executive. From that account they message other executives, inviting them to consider an exclusive investment opportunity. The message links to a page that appears to be the website of a private equity firm, with buttons the victim can click for more information about the investment. Clicking these buttons can give the attacker access to the victim's Microsoft or Google Workspace account, personal or business. Because the message comes from a real contact's real profile, the usual "is this sender who they claim to be?" check passes; what has to be verified instead is the destination, and in particular any sign-in or permission prompt it presents.

This type of attack is particularly dangerous for SMBs because a single compromised executive account, and the Microsoft or Google account reached through it, can expose the entire organization's mail, files, and data.

What Are the Goals of These LinkedIn Phishing Attacks?

Phishing attacks have become more common on LinkedIn, YouTube, Instagram, and other social media networks, as well as on search engines and instant messaging applications like WhatsApp. Scammers even use QR codes to trick victims.

As with all phishing schemes, the scammers want credentials they can use in further attacks, or a foothold from which to install malware on the victim's computer. A hijacked LinkedIn account is a treasure trove of valuable information: the victim's contact details, professional connections, job details, and work history, plus the ability to send messages as the victim.

A scammer can also read the victim's direct messages to uncover additional details about the victim's business. All of these details can be used to engineer more convincing follow-on phishing against the victim's business colleagues, professional contacts, and others. For SMBs, this can result in a leak of client lists, sensitive financial data, and internal communications, damage that is especially hard to recover from without a large IT team.

Why Are These Attacks Happening Now?

Cybersecurity best practices, including deploying anti-phishing software and conducting ongoing employee education, have become more effective at detecting and preventing email phishing attacks on businesses. Cybercriminals adapt to whatever is blocking them, so they are turning to non-email channels like LinkedIn, where a business's email security tools never see the message.

LinkedIn is particularly attractive to phishing scammers for several reasons.

  • Direct messages aren’t scanned by most anti‑phishing tools
  • Stolen social media credentials are easy to buy or reuse
  • Users expect unsolicited professional outreach

These attacks cleverly exploit LinkedIn users’ expectations about how professional networking and platform moderation work. Scammers also know that many business professionals, including company executives, use corporate devices to access the platform. These high-value targets offer potential pathways for scammers to infiltrate corporate computer networks to steal sensitive business data or install ransomware or other malware.

The recent rise of artificial intelligence (AI) may also be a contributing factor to the increase in these types of attacks.

AI tools make it easier to:

  • Create realistic fake login pages
  • Mimic LinkedIn branding
  • Launch large‑scale phishing campaigns quickly

This lowers the barrier to entry, making even small businesses viable targets.

What Can a Business Do to Prevent LinkedIn Phishing Attacks?

Businesses can take the following actions to lower the risk of successful LinkedIn phishing attacks against their employees:

1. Educate employees on the risks.

The most effective defense against phishing is employee education. A comprehensive cybersecurity training program will help protect your company’s network and address vulnerabilities that your day-to-day employee activities create. It’s vital to train employees to spot potential phishing attacks, including those on LinkedIn and other social media networks. Employees should be taught to verify the source of any unexpected message, even from a known contact, before clicking links or downloading files.

Security awareness training also includes educating employees about best computing practices and reminding them to notify your IT department of suspicious activity, no matter how insignificant it may appear. Phishing simulations are a particularly effective training tool, giving employees hands-on experience in recognizing attacks.

2. Consider changing your business device policies.

To ensure business data security, your business device policy can clearly mandate the separation of personal and work data. Your policy could prohibit the use of company-provided devices — such as PCs, laptops, and mobile phones — to access social media platforms and unauthorized third-party messaging apps.

At a minimum, require employees who use LinkedIn on company devices to enable LinkedIn's two-factor authentication, preferably with an authenticator app rather than SMS codes. This adds a critical extra layer of protection: a password captured on a cloned login page is not enough on its own to take over the account. Since the second attack described above goes after the victim's Microsoft or Google account, the same requirement belongs on those accounts.

3. Keep your cybersecurity tools up to date.

Even if a LinkedIn phishing attack succeeds and the initial intrusion goes unnoticed, up-to-date security tools can catch the follow-on activity, such as sign-ins from unfamiliar locations, new mailbox forwarding rules, or bulk downloads, and help you stop the attack. Once the breach has been discovered, contain the threat and mitigate the damage by suspending compromised accounts, revoking their active sessions (a password reset alone does not log the attacker out), resetting passwords, and assessing the scope of the attack before taking further action.

SMBs should also consider endpoint detection and response tools, which are designed to catch threats that traditional antivirus software may miss.
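As an added example of the "detect unusual activity, then scope and contain" step (not code from the original article), the script below runs two simple checks over sign-in logs: a successful sign-in from a country the user has never signed in from before, and two successful sign-ins from different countries too close together to be the same person. SAMPLE_EVENTS is a constructed log, and its field names (user, ts, country, ok) are an assumption about your identity provider's export format.

```python
"""Post-phish triage over sign-in logs.

Added example, not code from the original article.  SAMPLE_EVENTS is a
constructed log; the field names (user, ts, country, ok) are an assumption
about the export format of your identity provider.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sign-in events.  Rows before the cutoff build each user's
# baseline; rows after it are the window under investigation.
SAMPLE_EVENTS = [
    {"user": "cfo@example.com",   "ts": "2024-04-10T09:00:00Z", "country": "US", "ok": True},
    {"user": "cfo@example.com",   "ts": "2024-04-20T09:05:00Z", "country": "US", "ok": True},
    {"user": "ceo@example.com",   "ts": "2024-04-15T08:30:00Z", "country": "US", "ok": True},
    {"user": "ceo@example.com",   "ts": "2024-04-22T14:00:00Z", "country": "GB", "ok": True},
    {"user": "sales@example.com", "ts": "2024-04-18T10:00:00Z", "country": "US", "ok": True},
    {"user": "cfo@example.com",   "ts": "2024-05-06T08:00:00Z", "country": "US", "ok": True},
    {"user": "cfo@example.com",   "ts": "2024-05-06T08:25:00Z", "country": "NG", "ok": True},
    {"user": "ceo@example.com",   "ts": "2024-05-06T09:00:00Z", "country": "GB", "ok": True},
    {"user": "ceo@example.com",   "ts": "2024-05-06T09:10:00Z", "country": "GB", "ok": False},
    {"user": "sales@example.com", "ts": "2024-05-06T11:00:00Z", "country": "DE", "ok": True},
]


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def triage(events, cutoff: str,
           travel_window: timedelta = timedelta(minutes=60)) -> List[Dict[str, str]]:
    """Flag successful sign-ins after `cutoff` that come from a country the
    user never signed in from before, or that follow another successful
    sign-in from a different country within `travel_window`."""
    start = parse_ts(cutoff)
    ordered = sorted(events, key=lambda e: parse_ts(e["ts"]))

    # Baseline: countries each user signed in from successfully before the cutoff.
    baseline = defaultdict(set)
    for e in ordered:
        if e["ok"] and parse_ts(e["ts"]) < start:
            baseline[e["user"]].add(e["country"])

    findings = []
    last_ok = {}  # user -> (time, country) of the previous successful sign-in after cutoff
    for e in ordered:
        t = parse_ts(e["ts"])
        if t < start or not e["ok"]:
            continue  # failed attempts are noise here; a successful login is what matters
        user, country = e["user"], e["country"]
        if baseline[user] and country not in baseline[user]:
            findings.append({"user": user, "ts": e["ts"],
                             "reason": "new country %s" % country})
        prev = last_ok.get(user)
        if prev and prev[1] != country and t - prev[0] <= travel_window:
            minutes = int((t - prev[0]).total_seconds() // 60)
            findings.append({"user": user, "ts": e["ts"],
                             "reason": "impossible travel %s->%s in %d min"
                                       % (prev[1], country, minutes)})
        last_ok[user] = (t, country)
    return findings


def accounts_to_contain(findings) -> List[str]:
    """Distinct users to suspend, sign out everywhere, and password-reset."""
    return sorted({f["user"] for f in findings})


if __name__ == "__main__":
    found = triage(SAMPLE_EVENTS, "2024-05-01T00:00:00Z")
    for f in found:
        print(f["ts"], f["user"], f["reason"])
    print("contain:", accounts_to_contain(found))
```

On the sample log the CFO's Nigerian sign-in 25 minutes after a US one trips both checks, the sales account trips the new-country check, and the CEO's sign-in from the UK is left alone because it matches the baseline. Users with no baseline at all are deliberately not flagged; they need a separate, manual look.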

Help Your Employees Avoid Taking the Bait

The financial and reputational costs of one of your employees falling victim to a LinkedIn or other type of phishing attack far outweigh the cost of prevention. By training your staff to spot phishing attempts, adopting stricter business device policies, and deploying the latest cybersecurity tools, you can protect your bottom line and preserve the trust of your customers and business partners.

If you have concerns about your business’s vulnerability to phishing or other cyberattacks, contact us today to speak to an IT security expert or to request a free network security assessment.

About the Author: Pete Amborn

Pete Amborn's career prior to joining DWD centered upon Managed IT Services and VoIP systems. As a former systems engineer and IT business owner, Pete brings a wealth of knowledge and expertise to help companies utilize technology to enhance operational efficiency. Pete applies his previous experience with Managed IT services, and his position as Director, Network Services, to help DWD meet advancing needs in the market.
