Hackers hijack LinkedIn comments to spread malware - here's what to look out for

(Image: photo illustration of the LinkedIn logo on a smartphone with an AI chip in the background. Credit: Budrul Chukrut/SOPA Images/LightRocket via Getty Images)

  • Attackers post fake LinkedIn comments claiming accounts are locked for violations
  • Links lead to phishing sites mimicking LinkedIn login, stealing user credentials
  • LinkedIn confirms awareness, stresses it never communicates bans via public comments

As if AI-generated posts and comments weren’t enough, LinkedIn activity is now also being bombarded with phishing content, experts have warned.

A report from BleepingComputer has highlighted how, recently, multiple LinkedIn users have seen comments under different posts that appear to come from the platform itself. The comment states that the user has repeatedly broken the platform’s terms of service, and that their account is now locked and pending review.

The comment also shares a link where the user can supposedly “reactivate” their account and “lift” the ban. Those who follow it end up on a page that looks like a legitimate LinkedIn login page but, in fact, relays the entered credentials to the attackers.

LinkedIn aware of the attacks

There are multiple red flags in this campaign which should be enough for most people to spot the scam. The most obvious one is that LinkedIn would never notify users of locked or banned accounts through comments on other people’s posts.

The second-biggest red flag is the links shared in the comments. In some cases, the links are clearly unaffiliated with the platform, pointing to netlify.app or similar third-party services. In others, attackers use LinkedIn’s official URL shortener, which can make the links appear more credible.

Finally, potential victims can open the profile page of the account posting these comments and see that it is an obvious scam. One of the accounts is called “LinkedIn Very” and has zero followers and zero activity. The only things connecting it to the platform are the name and a profile image clearly copied from LinkedIn.
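As an added illustration (not part of the BleepingComputer or TechRadar reporting), the three red flags above turned into a simple comment-triage heuristic in Python. The sample comments are constructed, and the host lists are assumptions (lnkd.in being LinkedIn's URL shortener).

```python
import re
from urllib.parse import urlparse

# Assumptions for this example: LinkedIn's own web hosts, and lnkd.in as the
# platform's URL shortener, whose links hide the real destination.
LINKEDIN_HOSTS = {"linkedin.com", "www.linkedin.com"}
SHORTENER_HOSTS = {"lnkd.in"}

# Wording of the lure the article describes: repeated ToS violations, a locked
# account "pending review", and an offer to reactivate or lift the ban.
LURE_PATTERNS = [
    r"terms of service",
    r"\blocked\b",
    r"pending review",
    r"\b(reactivate|lift (the|your) ban)\b",
]
URL_RE = re.compile(r"https?://\S+")

def triage_comment(author, followers, activity_count, text):
    """Return a list of red flags for one comment; an empty list means nothing matched."""
    reasons = []
    lowered = text.lower()
    hits = [p for p in LURE_PATTERNS if re.search(p, lowered)]
    if hits:
        reasons.append(f"moderation lure wording ({len(hits)} phrase matches)")
    for url in URL_RE.findall(text):
        host = (urlparse(url.rstrip(".,)")).hostname or "").lower()
        if host in SHORTENER_HOSTS:
            # Looks official, but the destination must be resolved before trusting it.
            reasons.append(f"shortened link via {host}: destination unknown")
        elif host not in LINKEDIN_HOSTS and not host.endswith(".linkedin.com"):
            reasons.append(f"off-platform link host {host}")
    # A "LinkedIn"-named account with no followers or activity is the profile tell.
    if "linkedin" in author.lower() and (followers == 0 or activity_count == 0):
        reasons.append("platform name on an empty profile")
    return reasons

# Constructed sample comments (not real data): one lure, one benign, one shortened.
SAMPLES = [
    ("LinkedIn Very", 0, 0, "Your account has been repeatedly breaking our terms of service "
     "and is now locked and pending review. Reactivate it here: "
     "https://linkedin-appeal.netlify.app/verify"),
    ("Jane Doe", 1200, 340, "Great post! Related write-up: https://www.linkedin.com/pulse/x"),
    ("LinkedIn Support", 0, 2, "Account locked. Lift your ban: https://lnkd.in/abc123"),
]

if __name__ == "__main__":
    for author, followers, activity, text in SAMPLES:
        print(author, "->", triage_comment(author, followers, activity, text) or ["no flags"])
```

The shortener branch deliberately does not clear a link: a lnkd.in URL only looks trustworthy, so it is flagged for resolution rather than treated as on-platform.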

The Microsoft-owned business social network told BleepingComputer it is aware of the campaign, and that it is working on stopping it:

"I can confirm that we are aware of this activity and our teams are working to take action," a LinkedIn spokesperson told the publication.

"It's important to note that LinkedIn does not and will not communicate policy violations to our members through public comments, and we encourage our members to make a report if they encounter this suspicious behavior. This way we can review and take the appropriate action."


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
