LinkedIn users should stay alert as hackers launch a new phishing campaign directly through public comments. Scammers are posing as automated LinkedIn moderation bots, warning users of policy violations and urging them to take immediate action. This method is particularly dangerous because unsuspecting users often trust comments on their posts, making it easier for attackers to steal login credentials. Security experts have confirmed the campaign is gaining traction, exploiting both AI automation and familiar LinkedIn branding to appear convincing.
The phishing attack operates through comments left by fake accounts, mimicking LinkedIn’s official tone. Messages typically claim the user’s account has been restricted for violating policies and include a link to “resolve” the issue. Clicking these links hands over login credentials to the attackers, potentially allowing full account takeover. Analysts warn that these fake comments use LinkedIn-style language, branding, and short links like “lnkd.in” to trick users.
Experts say AI plays a key role in the campaign. Hackers are using AI to generate large volumes of convincing comments, targeting thousands of users simultaneously. “Bot-like accounts reply to posts pretending to be LinkedIn itself, warning users about supposed policy violations and urging them to fix the issue immediately,” SOC analyst William Pfeiffer noted. This automated approach enables rapid spread, putting millions of users at risk within hours.
Spotting these fake comments can prevent major security breaches. Analysts recommend looking for unexpected account warnings, unfamiliar URLs, and minor discrepancies in account names or branding. For instance, many fake accounts use subtle variations of LinkedIn’s name, such as “Linked Very,” making the phishing attempt harder to detect at first glance. Users should verify messages via official LinkedIn notifications rather than clicking comment links.
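The indicators analysts list above can be expressed as a triage heuristic for exported post comments. This is an added example, not code from the article or from LinkedIn; the function names, keyword patterns, two-indicator threshold and sample comments are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

BRAND = "linkedin"
# Wording typical of the fake "moderation" warnings described in the article.
WARNING_RE = re.compile(
    r"restricted|suspended|policy violation|violat\w+ (?:our |the )?polic", re.I
)
# Simplification: only links that carry a path are matched, scheme optional.
LINK_RE = re.compile(r"(?:https?://)?\b((?:[a-z0-9-]+\.)+[a-z]{2,})/\S+", re.I)
SHORTENERS = {"lnkd.in"}  # the short-link domain named in the article


def brand_lookalike(display_name):
    """True when a commenter's display name uses or imitates the LinkedIn brand."""
    squashed = re.sub(r"[^a-z]", "", display_name.lower())
    if not squashed:
        return False
    # Compare the leading characters so "Linked Very" or "L1nkedIn Help" match.
    ratio = SequenceMatcher(None, squashed[: len(BRAND)], BRAND).ratio()
    return squashed.startswith("linked") or ratio >= 0.75


def assess_comment(author, text):
    """Return the list of indicators a single comment triggers."""
    reasons = []
    if brand_lookalike(author):
        reasons.append("author name imitates LinkedIn")
    if WARNING_RE.search(text):
        reasons.append("unexpected account warning")
    hosts = [h.lower() for h in LINK_RE.findall(text)]
    if hosts:
        short = any(h in SHORTENERS for h in hosts)
        reasons.append("short link hides destination" if short else "link in comment")
    return reasons


def is_suspicious(author, text):
    """Assumed threshold: two or more indicators together warrant a report."""
    return len(assess_comment(author, text)) >= 2


# Constructed sample comments, not taken from the real campaign.
FAKE = ("Linked Very", "Your account has been restricted for violating our "
        "policies. Resolve here: lnkd.in/EXAMPLE")
BENIGN = ("Jane Doe", "Great post, the talk I mentioned: https://example.com/talk")

if __name__ == "__main__":
    for author, text in (FAKE, BENIGN):
        print(author, is_suspicious(author, text), assess_comment(author, text))
```

A single indicator, such as a link in an ordinary reply, does not trip the threshold; the combination of a brand-imitating name with a warning or a short link does.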
Security professionals emphasize never entering credentials through unsolicited links. Users should enable two-factor authentication, report suspicious comments, and regularly monitor account activity. Organizations are also urged to educate employees about this evolving threat, as social engineering through professional networks can compromise both personal and corporate data.
This latest phishing scheme highlights vulnerabilities in professional networking platforms. While LinkedIn has robust security measures, the combination of AI-driven comment spam and human trust in familiar interfaces makes social engineering attacks increasingly effective. Experts predict similar campaigns may emerge on other networks if preventive measures are not strengthened.
Users must remain vigilant as attackers continue to evolve their tactics. Regularly updating passwords, checking for suspicious account activity, and treating all unexpected warnings with skepticism can reduce risk. LinkedIn has yet to issue a public statement on this specific campaign, but ongoing monitoring and awareness are essential to avoid falling victim to these AI-powered scams.