New LinkedIn Phishing Campaign: Fake Comment-Replies

Cybercriminals are exploiting LinkedIn’s comment system to deliver highly convincing phishing lures. The tactic involves fake “reply” comments that impersonate LinkedIn itself, warning users of supposed policy violations and urging them to click malicious links.

How the Scam Works

  • Fake replies: Attackers post comments under LinkedIn posts claiming accounts are “temporarily restricted.”
  • Brand impersonation: Replies use LinkedIn’s logo and formatting to appear authentic.
  • Link masking:
    • Some phishing domains use suspicious .app URLs.
    • Others abuse LinkedIn’s official lnkd.in shortener, making malicious links harder to distinguish from legitimate ones.
  • Credential harvesting:
    • Victims are redirected to phishing sites (e.g., very1929412.netlify[.]app).
    • Clicking “Verify your identity” leads to secondary domains (e.g., very128918[.]site) where credentials are stolen.
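The link-masking and redirect chain described above, as an added triage example that is not part of the original article: the script walks a shortener's redirect chain with a hop cap (phishing chains sometimes loop), then flags every hop for the indicators this section names (the lnkd.in shortener, throwaway *.netlify.app hosting, .app and .site TLDs, long digit runs in the host name). The sample comment and the offline redirect table are constructed to mirror the article's defanged domains; the live `http_location` fetcher is an assumption about how one would expand such links and should only be run from an isolated analysis host, never from a user's workstation.

```python
"""Link triage for social-media comments (added example, not from the article).

Walks a redirect chain using an injectable fetcher so it runs offline, and
flags the indicators described in the article. Domain names in the sample
data are constructed to mirror the article's defanged examples.
"""
import re
import urllib.error
import urllib.parse
import urllib.request

SHORTENERS = {"lnkd.in"}                 # platform-native shortener to expand
THROWAWAY_HOST_SUFFIXES = (".netlify.app",)  # free static hosting seen in the lures
SUSPECT_TLDS = {"app", "site"}           # TLDs named in the article
MAX_HOPS = 5                             # cap so a redirect loop cannot hang us

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def extract_urls(text):
    """Pull every http(s) URL out of a comment body."""
    return URL_RE.findall(text)


def classify(url):
    """Return the indicator flags that apply to a single URL's host."""
    host = (urllib.parse.urlsplit(url).hostname or "").lower()
    flags = []
    if host in SHORTENERS:
        flags.append("shortener")
    if host.endswith(THROWAWAY_HOST_SUFFIXES):
        flags.append("throwaway-hosting")
    tld = host.rsplit(".", 1)[-1] if "." in host else ""
    if tld in SUSPECT_TLDS:
        flags.append("suspect-tld")
    if re.search(r"\d{5,}", host):       # very1929412 / very128918 style names
        flags.append("random-digits")
    return flags


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib surface 3xx responses instead of following them."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_location(url, timeout=5):
    """Live fetcher: one HEAD request, returns the Location header or None.
    Assumption: run only from a sandboxed analysis host. Some shorteners
    reject HEAD; switch to GET with a small read cap if that happens."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        opener.open(req, timeout=timeout)
    except urllib.error.HTTPError as e:
        if e.code in (301, 302, 303, 307, 308):
            return e.headers.get("Location")
        return None
    except urllib.error.URLError:
        return None
    return None


def follow_chain(url, fetch=http_location, max_hops=MAX_HOPS):
    """Return the list of URLs visited, stopping at the first non-redirect,
    at a repeated URL (loop), or after max_hops."""
    chain = [url]
    seen = {url}
    for _ in range(max_hops):
        nxt = fetch(chain[-1])
        if not nxt:
            break
        nxt = urllib.parse.urljoin(chain[-1], nxt)  # Location may be relative
        chain.append(nxt)
        if nxt in seen:
            break
        seen.add(nxt)
    return chain


def triage_comment(text, fetch=http_location):
    """Expand and flag every URL in a comment; flags are the union over hops."""
    report = []
    for url in extract_urls(text):
        chain = follow_chain(url, fetch)
        flags = set()
        for hop in chain:
            flags.update(classify(hop))
        report.append({"url": url, "chain": chain, "flags": sorted(flags)})
    return report


# Constructed sample data modelled on the article (not a real capture).
SAMPLE_COMMENT = (
    "Your account has been temporarily restricted. "
    "Verify your identity: https://lnkd.in/abc123"
)
FAKE_REDIRECTS = {  # offline stand-in for the shortener and landing page
    "https://lnkd.in/abc123": "https://very1929412.netlify.app/",
    "https://very1929412.netlify.app/": "https://very128918.site/verify",
}


def offline_fetch(url):
    return FAKE_REDIRECTS.get(url)


if __name__ == "__main__":
    for entry in triage_comment(SAMPLE_COMMENT, fetch=offline_fetch):
        print(entry["url"], "->", " -> ".join(entry["chain"][1:]))
        print("  flags:", ", ".join(entry["flags"]))
```

The flags are heuristics for analyst triage, not a verdict: a legitimate lnkd.in link will also carry "shortener", which is exactly why the chain is expanded before anything else is judged. The hop cap and seen-set matter in practice because phishing kits sometimes bounce between two hosts to frustrate automated scanners.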

Additional Abuse

  • Fake company pages: Attackers create fraudulent LinkedIn pages with names like “Linked Very”, using LinkedIn’s logo to boost credibility.
  • Bot-like activity: Multiple fake profiles flood posts with identical warnings, amplifying reach.

Why It’s Dangerous

  • High trust factor: LinkedIn is widely used by professionals, making phishing attempts more believable.
  • URL shortener abuse: Even experienced users may trust links masked by LinkedIn’s own infrastructure.
  • Cross-platform precedent: Similar scams were seen on Twitter/X in 2023, where attackers impersonated banks in replies to customer complaints.

LinkedIn’s Response

  • LinkedIn confirmed awareness of the campaign and is actively removing fake accounts/pages.
  • The company emphasized:
    • Policy violations are never communicated via public comments.
    • Users should report suspicious activity directly to LinkedIn.

Defensive Recommendations

  • Do not click links in comments or replies claiming account restrictions.
  • Verify domains: Check the full destination URL before interacting. Expand shortened links (hover, or use a link-expansion tool) to see where they really resolve, and treat any redirect that leaves linkedin.com as a warning sign.
  • Enable MFA: Protect accounts with multi-factor authentication.
  • Report abuse: Flag suspicious comments, replies, or company pages to LinkedIn.
  • Stay alert: Expect phishing attempts to evolve across professional and social platforms.

Takeaway

This campaign highlights how attackers are weaponizing trust in platform-native features (like LinkedIn’s URL shortener and comment system). Even without direct account compromise, social engineering at scale can trick users into handing over credentials. Vigilance and skepticism toward unsolicited “policy violation” notices are essential.
