
As LinkedIn continues to grow as a trusted professional platform, it is increasingly becoming a target for sophisticated phishing attacks. According to reporting by Bleeping Computer, scammers are now exploiting LinkedIn’s comment system to distribute fake “reply” messages that impersonate the platform itself.
These deceptive comments appear directly under LinkedIn posts and warn users about alleged policy violations. The messages claim that an account has been temporarily restricted and urge users to click a link to resolve the issue. At first glance, the comments appear credible, often mimicking LinkedIn’s branding and language.
How the Scam Works on LinkedIn
The phishing campaign relies on speed, urgency, and misplaced trust. The fake comments are typically posted by imposter company pages using variations of the LinkedIn name. In some cases, scammers even use LinkedIn’s lnkd.in URL shortener to mask the final destination of the link, making it harder for users to detect suspicious behavior.
Once clicked, users are redirected through a series of phishing sites and prompted to “verify their identity.” These pages are designed to harvest login credentials, giving attackers access to LinkedIn accounts that can later be exploited for further scams or impersonation.
What makes this campaign particularly effective is its placement. By appearing as a reply beneath legitimate content, the scam blends into normal platform behavior, reducing skepticism and increasing the likelihood of clicks.
LinkedIn’s Response and What Users Should Know
LinkedIn has confirmed awareness of the campaign and stated that it is actively working to remove fraudulent content. The company has also reiterated a critical point: LinkedIn does not communicate policy violations through public comments.
Any legitimate account-related notices are sent through private, authenticated channels. This distinction is essential, yet easily overlooked when users are conditioned to trust the platform by default. The incident highlights a growing challenge for professional networks. As platforms become more credible and authoritative, that trust becomes something attackers can weaponize.
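The indicators described above (a page name that imitates "LinkedIn", restriction or policy-violation wording, and a link that may sit behind lnkd.in) can be checked mechanically when triaging reported comments. The Python below is an added example, not code from LinkedIn or from the reporting cited here; the comment record fields, the `official_ids` allowlist, the similarity threshold and the sample comments are assumptions constructed for illustration.

```python
import re
import unicodedata
from difflib import SequenceMatcher
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
# Wording of the lure described in the article: policy violation, restricted account, identity check.
LURE_RE = re.compile(
    r"policy violation|temporarily restricted|account\b.{0,40}\brestricted|verify your identity", re.I)

def looks_like_brand(name, brand="linkedin", threshold=0.8):
    """True if a display name contains, or nearly spells, the brand name."""
    ascii_name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode().lower()
    tokens = re.findall(r"[a-z0-9]+", ascii_name)
    if brand in "".join(tokens):
        return True
    return any(SequenceMatcher(None, t, brand).ratio() >= threshold for t in tokens)

def indicators(comment, official_ids=frozenset()):
    """Return the set of phishing indicators found in one public comment."""
    found = set()
    # official_ids is a caller-supplied allowlist of genuine page IDs (hypothetical field).
    if comment["author_id"] not in official_ids and looks_like_brand(comment["author_name"]):
        found.add("brand_lookalike_author")
    if LURE_RE.search(comment["text"]):
        found.add("restriction_lure")
    hosts = [urlsplit(u).hostname or "" for u in URL_RE.findall(comment["text"])]
    if hosts:
        found.add("link")
    # lnkd.in hides the destination, so the shortener's domain says nothing about safety.
    if "lnkd.in" in hosts:
        found.add("shortened_link")
    return found

def should_report(comment, official_ids=frozenset()):
    """Account notices are not sent as public comments, so a lure plus a link or look-alike author is reportable."""
    found = indicators(comment, official_ids)
    return "restriction_lure" in found and bool(found & {"link", "brand_lookalike_author"})

# Constructed sample comments (not real data); example.test is a reserved placeholder domain.
SAMPLES = [
    {"author_id": "c-901", "author_name": "Linkedln Support",
     "text": "Your account is temporarily restricted for a policy violation. "
             "Verify here: https://lnkd.in/EXAMPLE"},
    {"author_id": "u-17", "author_name": "Linda Kim",
     "text": "Great write-up, full slides at https://example.test/slides"},
]

if __name__ == "__main__":
    for c in SAMPLES:
        print(c["author_name"], sorted(indicators(c)), should_report(c))
```

A comment that quotes the lure in order to warn others will also match, so the result is a prompt for human review rather than a verdict.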
Why This Matters Beyond One Scam
This is not just a security issue; it’s a trust issue. LinkedIn is increasingly positioned as a layer of professional credibility on the internet. AI systems cite it. Recruiters rely on it. Careers are built on it. That makes vigilance more important than ever.
For users, the takeaway is simple but critical: urgency is a red flag. Any message that demands immediate action, verification, or credentials, especially in public comments, should be treated with caution and reported. As LinkedIn’s role expands, so does the responsibility of both the platform and its users to protect the integrity of professional identity online.
