Hackers weaponize LinkedIn comments in new phishing campaign

LinkedIn users beware: a new phishing campaign has surfaced in which hackers post directly in public comments, posing as a LinkedIn autobot flagging the user's account for policy violations.
- Scammers are posting fake LinkedIn policy warnings in public comments, posing as automated moderation bots.
- Clicking the links can hand over your login credentials, allowing attackers to take over LinkedIn accounts.
- Experts say the hackers are using AI to flood LinkedIn with the fake comments, allowing the scam to spread quickly.
Multiple researchers and targeted users have posted warnings about the scheme, which was first observed on LinkedIn earlier this week.
“Bot-like accounts reply to posts pretending to be LinkedIn itself, warning users about supposed policy violations and urging them to ‘fix’ the issue immediately,” SOC Analyst William Pfeiffer posted on LinkedIn on Tuesday.
Pfeiffer notes that the fake comments are extremely “convincing” due to the bad actors using:
- LinkedIn-style language
- Familiar branding
- Short “lnkd.in” links
The fake account – Linked Very – posts directly in public comment sections, informing users that their accounts have been temporarily restricted for non-compliance.
“We have identified that your account has engaged in activities that are not in compliance with our website's policies. To prevent further restrictions or possible suspension, you are required to submit an appeal through https://very1929412.netlify.app/ so that we can review your case,” one such phishing message reads.
Another similar phishing message, also posted by the fake “Linked Very” profile, states, “Continued misconduct has placed your account under permanent lock review. Appeal at https://lnkd.in/ev7Za98i immediately.”
Pfeiffer says if the user clicks on the legitimate-looking link preview, “it leads to a fake verification page designed to harvest credentials.” As reported by Bleeping Computer, the phishing pages looked almost identical to LinkedIn sign-in pages, tricking users into entering their login name and password.
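The traits above (policy-violation wording, a threat against the account, urgency, an "appeal" or "verify" call to action, and a link) are what a SOC analyst would score when triaging comment text, with the caveat that a lnkd.in link is not a trust signal on its own: it is LinkedIn's shortener, used by the phishing comments and by LinkedIn's own support replies alike, so the check that matters is where the link actually lands. The following Python is an added example, not code from the article, Cofense or LinkedIn. The sample comments are constructed (modelled on the messages quoted above; the lnkd.in short codes and the offline resolver mapping are invented stand-ins for following the redirect), the trusted-domain list and verdict thresholds are assumptions, and the lookalike host is a made-up example.

```python
import re
from urllib.parse import urlparse

# Assumption for this example: LinkedIn's apex domain and its subdomains are the
# only trusted landing hosts. Extend the tuple if your environment needs more.
TRUSTED_APEXES = ("linkedin.com",)
SHORTENER_HOSTS = ("lnkd.in",)

# Lure traits described in the article: policy-violation wording, an account
# threat, urgency, and an "appeal"/"verify" call to action.
LURE_PATTERNS = {
    "policy_violation": r"\b(polic(y|ies)|non-?compliance|misconduct|violat\w*)\b",
    "account_threat": r"\b(restrict\w*|suspen(d|sion)\w*|lock(ed)?|permanent\w*)\b",
    "urgency": r"\b(immediately|urgent\w*|to prevent further|within \d+ (hours?|days?))\b",
    "call_to_action": r"\b(appeal|verif(y|ication)|fix (the|this) issue)\b",
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed offline stand-in for following the shortener redirect. The short
# codes and targets are invented for the example. In production, replace
# resolve() with an HTTP client that follows redirects and returns the final URL.
FAKE_RESOLVER = {
    "https://lnkd.in/e0000001": "https://very1929412.netlify.app/",
    "https://lnkd.in/e0000002": "https://www.linkedin.com/help/linkedin",
    "https://lnkd.in/e0000003": "https://www.linkedin.com.appeal-center.example/login",
}

# Constructed samples modelled on the comments quoted in the article.
SAMPLE_COMMENTS = {
    "restriction_lure": (
        "We have identified that your account has engaged in activities that are "
        "not in compliance with our website's policies. To prevent further "
        "restrictions or possible suspension, you are required to submit an appeal "
        "through https://very1929412.netlify.app/ so that we can review your case."
    ),
    "lock_review_lure": (
        "Continued misconduct has placed your account under permanent lock review. "
        "Appeal at https://lnkd.in/e0000001 immediately."
    ),
    "support_reply": (
        "We can confirm this was not an official message from LinkedIn, and our "
        "teams are taking the appropriate action. Please continue to report any "
        "content that doesn't look right so we can review it: https://lnkd.in/e0000002. -TK"
    ),
    "lookalike_host": (
        "Your account is restricted for policy violations. Verify at "
        "https://lnkd.in/e0000003 now."
    ),
    "unresolved_shortener": (
        "Account under review for policy issues. Appeal here: https://lnkd.in/e0000009"
    ),
}


def resolve(url):
    """Return the landing URL for a shortener link, or None if it cannot be
    resolved. A non-shortener link is its own landing URL."""
    host = (urlparse(url).hostname or "").lower()
    if host in SHORTENER_HOSTS:
        return FAKE_RESOLVER.get(url)
    return url


def landing_is_trusted(final_url):
    """True only if the landing host is a trusted apex or a subdomain of one.
    The leading dot in the suffix test matters: 'linkedin.com.evil.example'
    must not pass."""
    host = (urlparse(final_url).hostname or "").lower().rstrip(".")
    return any(host == apex or host.endswith("." + apex) for apex in TRUSTED_APEXES)


def lure_hits(text):
    """Names of the lure traits present in the comment text."""
    lowered = text.lower()
    return [name for name, pat in LURE_PATTERNS.items() if re.search(pat, lowered)]


def triage(comment):
    """Score one comment: lure traits plus where each link lands."""
    hits = lure_hits(comment)
    links = []
    for url in URL_RE.findall(comment):
        url = url.rstrip(".,;:!?)")  # drop sentence punctuation glued to the URL
        final = resolve(url)
        if final is None:
            links.append((url, None, "unresolved"))
        else:
            links.append((url, final, "trusted" if landing_is_trusted(final) else "untrusted"))
    statuses = {status for _, _, status in links}
    if "untrusted" in statuses:
        verdict = "phishing" if len(hits) >= 2 else "suspicious"
    elif "unresolved" in statuses:
        verdict = "suspicious" if hits else "resolve_first"
    else:
        verdict = "review" if len(hits) >= 3 else "likely_benign"
    return {"verdict": verdict, "hits": hits, "links": links}


def triage_all(comments=SAMPLE_COMMENTS):
    """Verdict per sample comment."""
    return {name: triage(text)["verdict"] for name, text in comments.items()}


if __name__ == "__main__":
    for name, text in SAMPLE_COMMENTS.items():
        print(f"{name:22} {triage(text)}")
```

The support reply scores as likely benign only because its lnkd.in link resolves to a linkedin.com host, while the lure with the same shortener resolves elsewhere; an unresolved shortener with lure wording is held as suspicious rather than cleared. The lookalike case shows why the host test is anchored on a leading dot rather than a bare substring match.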
AI helps attackers scale LinkedIn impersonation
Max Gannon, Cyber Intelligence Team Manager at Cofense, says hackers are increasingly using AI tools to launch large-scale phishing campaigns while evading detection.
In this case, Gannon explains that "threat actors are using AI to successfully spoof LinkedIn and abuse legitimate infrastructure."
"Although LinkedIn’s process for creating a company page, especially one that appears to be LinkedIn itself, was not previously easy to abuse at scale, the proper application of AI now makes it possible,” Gannon says.
LinkedIn user Jocelyn M was targeted in the phishing campaign over the weekend and found three separate fraudulent “Linked Very” accounts operating on the platform.
After reporting the incident to LinkedIn, ironically, Jocelyn M received a similar-looking comment on their page – this time, from the real LinkedIn support team – thanking them for flagging the fake post.
“We can confirm this was not an official message from LinkedIn, and our teams are taking the appropriate action. Please continue to report any content that doesn't look right so we can review it: https://lnkd.in/gnHAjfNU. -TK,” the legitimate LinkedIn account wrote.
Gannon states that “As threat actors increasingly use AI and emerging automated methods, legitimate companies like LinkedIn will need stronger verification and validation controls to prevent abuse of their services and protect brand trust."
Broader shift in social engineering
Chance Caldwell, Senior Director of the Phishing Defense Center at Cofense, says this latest LinkedIn phishing campaign highlights “a troubling evolution in social engineering tactics, where attackers embed themselves directly into trusted digital spaces and exploit user trust by mimicking legitimate communications.”
"By posting comments that appear to come from LinkedIn, complete with official branding and even legitimate URL shorteners like ‘lnkd.in,’ the threat actors are able to earn trust from users and divert them to malicious phishing activity," the phishing expert tells Cybernews.
Caldwell also points out that these types of phishing campaigns are not unique to LinkedIn, and are proliferating across all social media platforms.
“The rise of AI has allowed thousands of these fake comments to be posted in a small amount of time,” Caldwell says, noting that Facebook is also commonly abused by hackers seeking to redirect users to phishing webpages.
Caldwell believes the onus lies with social media platforms to continue improving “comment/post monitoring to capture and remove as many of these malicious posts before users interact with them.”
“Individuals will also need to be aware of these tactics and only interact with posts that they can verify as legitimate," he added.