- Attackers post fake LinkedIn comments claiming accounts are locked for violations
- Links lead to phishing sites mimicking LinkedIn login, stealing user credentials
- LinkedIn confirms awareness, stresses it never communicates bans via public comments
As if AI-generated posts and comments weren’t enough, LinkedIn activity is now also being bombarded with phishing content, experts have warned.
A report from BleepingComputer has highlighted how recently, multiple LinkedIn users have seen comments under different posts, appearing to have come from the platform itself. The comment states that the user has been repeatedly breaking the platform’s terms of service, and that their account is now locked and pending review.
The post also shares a link where the user can “reactivate” their account and “lift” the ban. Those that follow through will end up on a page that looks like a legitimate LinkedIn login page which, in fact, relays the credentials to the attackers.
LinkedIn aware of the attacks
There are multiple red flags in this campaign which should be enough for most people to spot the scam. The most obvious one is the fact that LinkedIn would never communicate locked, or banned accounts, through comments on different posts.
The second-biggest red flag is the links shared in the comments. In some cases, the links are clearly unaffiliated with the platform, pointing to netlify.app or similar third-party services. In others, attackers use LinkedIn’s official URL shortener, which can make the links appear more credible.
Finally, victims could navigate to the profile page of the account posting these comments and see that it is an obvious scam. One of the accounts is called “LinkedIn Very”, and has zero followers, and zero activity. The only thing connecting it to the platform is the name, and the profile image that is clearly stolen from LinkedIn.
The Microsoft-owned business social network told BleepingComputer it is aware of the campaign, and that it is working on stopping it:
“I can confirm that we are aware of this activity and our teams are working to take action,” a LinkedIn spokesperson told the publication.
“It’s important to note that LinkedIn does not and will not communicate policy violations to our members through public comments, and we encourage our members to make a report if they encounter this suspicious behavior. This way we can review and take the appropriate action.”
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/dCombh5pR4exm9uTkRFxwF-1920-80.jpg
Source link
