
Watch out for this bump in LinkedIn phishing

LinkedIn is sometimes forgotten about in more general coverage of phishing attacks. Social media sites such as Facebook, Twitter, and Instagram receive regular attention. Cryptowallet customer support scams run wild in the replies to any cryptocurrency-themed tweet. Facebook users can often be found dealing with compromised accounts asking for money. Instagram has a wave of influencers having their accounts held to ransom. The big question is: have you ever wondered what’s on LinkedIn?

Presenting: What’s on LinkedIn

It’s not just endless spam for unsuitable job positions and motivational speeches. It turns out there’s a whole lot of phishing happening behind the scenes, too. At the beginning of February, Brian Krebs reported that scammers are using “Slinks” to redirect to phishing pages. Worse still, that particular technique has been around since 2016. In the most recent example, the phishing attempts seen in the wild were not hunting LinkedIn accounts specifically. Even so, tying bad URLs to reassuringly convincing LinkedIn redirects will always end badly for someone.

More recently…

Phishing by increasingly large numbers

Research claims that bogus LinkedIn mails have increased around 232% since the beginning of February. Overfamiliarity with a stream of genuine messages mentioning profile views, new messages, and employment opportunity suitability may be causing people to start clicking through. Times are tough out there, and given that LinkedIn is a natural fit for networking and job hunting, it’s understandable that some folks will click everything in sight.

I’m a professional (phisher)

The mails are convincingly branded, look realistic, and emulate the real thing in a way that may drift past people’s sense of caution. The research points out that the fake mails also piggyback on other genuine brands to make themselves look even more convincing. CVS Carepoint and American Express are two of the brands named as being spoofed in the fake mails.

Should someone click through to the phishing pages and start entering details, they may well lose their login credentials. Unlike the attacks from the beginning of February, these mails are specifically looking for LinkedIn username and password combinations. The research doesn’t say what the scammers do with the accounts once harvested, but it’s a good bet they’ll be used for spamming, social engineering, or even just more phishing attempts.

Avoiding the LinkedIn scammers

These mails appear to be getting past at least some email security defences and precautions. It’s nice to know people are checking out your profile. It’s helpful that there are awesome jobs out there for you to check out, but be careful! You don’t have to click into the latest email in your mailbox. Consider navigating directly to LinkedIn yourself and seeing what’s in there.

Bogus messages and jobs referenced in the fake mails won’t be waiting for you on the site itself. This doesn’t rule out actually being sent bogus messages and job references on LinkedIn itself. However, going there yourself and seeing what lies in wait at least negates the threat of the phishing mails.
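One mail-side check that follows from the Slink redirect trick described earlier and the brand-spoofed mails above, added here as an example and not code from the research or from LinkedIn: it parses an HTML mail body and flags anchors that go through LinkedIn's redirector (genuine host, unknown destination), that point at a lookalike host, or whose visible text says LinkedIn while the link goes somewhere else. The `/slink` path shape, the `LINKEDIN_HOSTS` list and the sample body are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

LINKEDIN_HOSTS = {"linkedin.com", "www.linkedin.com"}

class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text).strip()))
            self._href = None

def classify_link(href, text):
    """Return a finding for one anchor, or None if nothing looks off."""
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()
    if host in LINKEDIN_HOSTS:
        # Assumed shape of LinkedIn's "Slink" redirector path: the host is
        # genuine, but the real destination is only known after following it.
        if parsed.path.lower().startswith("/slink"):
            return "linkedin-redirect: resolve destination before trusting"
        return None
    if "linkedin" in host:
        return f"lookalike host: {host}"
    if "linkedin" in text.lower():
        return f"brand/host mismatch: text says LinkedIn, host is {host!r}"
    return None

def scan_mail_body(html):
    parser = _AnchorCollector()
    parser.feed(html)
    return [(href, f) for href, text in parser.links
            if (f := classify_link(href, text))]

# Constructed sample body, not taken from any real campaign.
SAMPLE = """<a href="https://www.linkedin.com/in/example">View on LinkedIn</a>
<a href="https://www.linkedin.com/slink?code=EXAMPLE">See who viewed you</a>
<a href="https://linkedin-login.example.net/">Sign in to LinkedIn</a>
<a href="https://mail.example.org/verify">Verify your LinkedIn account</a>"""
```

Run `scan_mail_body(SAMPLE)` to see the three flagged anchors; the genuine profile link produces no finding.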


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.