Beware of LinkedIn Phishing: Fake Comment Scams Are Getting More Sophisticated, Protect Your Account!

Professional platforms like LinkedIn, which we rely on to build our careers and networks, are now fertile ground for increasingly cunning phishing tactics. In recent weeks, a surge of fake comments masquerading as official LinkedIn notifications has alarmed users, requiring us to heighten our vigilance.

Key Points:

  • The latest phishing modus operandi on LinkedIn exploits fake comments that mimic official notifications.
  • Perpetrators use fake accounts and even LinkedIn’s official URL shortener service (lnkd.in) to disguise malicious links.
  • Phishing links often lead to sites designed to steal user login credentials.
  • LinkedIn asserts that they never announce policy violations through public comments.
  • Users are urged NOT to click on links from suspicious comments and to report such activities immediately.

New Threat: Deceptive Fake Comments

Imagine you’re browsing your notifications, and you see a comment claiming to be from LinkedIn. The message states there’s ‘inappropriate activity’ or a ‘policy violation’ on your account, asking you to click a link immediately to ‘recover’ access. Well, this is the new modus operandi that is currently rampant.

These scammers are very clever. They not only create fake accounts that look similar to LinkedIn’s own, but also use LinkedIn’s official URL shortener service, lnkd.in, which makes a link that would otherwise look suspicious harder to recognize. Others use strange domains ending in app with random character strings, or completely irrelevant domains.

Deceptive Design

A convincing impression is carefully built. The LinkedIn logo is included, and the language is formal, mimicking the platform’s notification style. Messages about ‘protective measures’ due to potential ‘login from an unknown location’ are often used to create a sense of urgency and fear. One detected phishing site even displayed a fake message about a ‘temporary restriction’ on the account, prompting users to ‘verify their identity,’ which ultimately led to credential theft.

Who is Targeted and How to Detect It?

The targeting is indiscriminate: any LinkedIn user can become a victim. Reports from users like Ratko Ivekovic, Jocelyn M, and Candyce Edelen confirm this phenomenon. The appearance of several accounts with similar names in a short period is one of the initial indicators. LinkedIn itself has confirmed that they are aware of this attack and are in the process of taking action.

LinkedIn’s Firm Stance

LinkedIn has firmly stated that they never use public comment sections to inform about policy violations. This is a crucial reminder for all of us. If there’s a notification about a violation, it should come through official and secure communication channels, not just a reply under a post.

Smart Steps to Protect Your Account

Similar cases have occurred on other platforms, where fake accounts impersonated financial institutions. The bottom line is, vigilance is key.

  • Never click on links in comments, replies, or private messages that claim to be from LinkedIn and demand immediate action.
  • Always re-verify the provided URL. Hover over the link without clicking to see its actual address.
  • Check the authenticity of the communication source. Does it truly originate from an official LinkedIn domain?
  • Be wary of messages that are urgent or request sensitive information such as passwords, OTPs, or credit card details.
  • If you find a suspicious comment or account, report it to LinkedIn immediately. This helps them clean up the platform and protect other users.
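
The URL and source checks above can be partly automated. The following is an added example, not code from this article or from LinkedIn: it judges a link by its host only and flags comments that pair notification-style wording with a link. It assumes linkedin.com is the official domain; the lure phrases are adapted from the article and the sample comment is constructed.

```python
import re
from urllib.parse import urlsplit

# Assumptions of this example: linkedin.com is the official domain and lnkd.in
# is the shortener the article names. Lure phrases are adapted from the article.
OFFICIAL = "linkedin.com"
SHORTENER = "lnkd.in"
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
LURES = ("policy violation", "inappropriate activity", "temporary restriction",
         "verify your identity", "unknown location")

def classify_link(url):
    """Judge one URL by its host alone; nothing is fetched."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    if parts.username is not None:
        return "suspicious"   # text before '@' is userinfo, not the host
    if host == SHORTENER:
        return "shortened"    # official shortener, but the destination is hidden
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    if "linkedin" in host:
        return "lookalike"    # brand name placed on a domain LinkedIn does not own
    return "unrelated"

def triage_comment(text):
    """Flag a comment that pairs notification-style lure wording with a link."""
    lures = [p for p in LURES if p in text.lower()]
    urls = [u.rstrip(".,)") for u in URL_RE.findall(text)]
    links = {u: classify_link(u) for u in urls}
    spoofed = any(v in ("suspicious", "lookalike") for v in links.values())
    return {"lures": lures, "links": links,
            "flag": spoofed or (bool(lures) and bool(links))}

if __name__ == "__main__":
    # Constructed sample comment, not taken from a real report.
    sample = ("LinkedIn Notice: a policy violation was detected on your account. "
              "Verify your identity at https://lnkd.in/EXAMPLE to restore access.")
    print(triage_comment(sample))
```

A "shortened" verdict means the lnkd.in host says nothing about where the link ends up, so the comment's wording and the posting account still have to be judged.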

Remember, in an ever-evolving digital world, scammers will always seek loopholes. By staying vigilant and implementing basic preventive measures, we can keep our professional spaces secure.
