Tip

How to avoid LinkedIn phishing attacks in the enterprise

Organizations and users need to be vigilant about spotting LinkedIn phishing attacks by bad actors on the large business social media platform. Learn how to foil the attempts.

As the largest business and employment-focused social media platform on the planet, LinkedIn counts both organizations and individual users among its estimated 875 million members. That makes it an attractive target for bad actors looking to scam, impersonate and trick subscribers into revealing sensitive information or sharing access to their connections.

LinkedIn phishing attacks often occur on the platform itself, but they also happen over email, with threat actors impersonating the social media provider:

  1. LinkedIn phishing attacks. The number of fake profiles on LinkedIn is increasing. At first glance, these profiles may appear highly believable, with professional images, compelling descriptions, legitimate company listings, believable credentials and so on.

    The cybercriminals behind these fake profiles try to establish connections with targets through direct messages or connection requests. Recipients who unwittingly accept such requests may end up sharing sensitive personal or professional information.

    Additionally, once a threat actor has connected with one person, they can use that connection to access the rest of the subscriber's network and build trust among those contacts. When a fake profile establishes a number of connections with real users, its perceived legitimacy grows.
  2. Email-based phishing attacks. Some seemingly legitimate LinkedIn emails are actually spear phishing campaigns, with bad actors impersonating the social media platform to target job seekers.

    Targeted spear phishing attack model
    Threat actors can use information they gather on LinkedIn to launch email-based spear phishing attacks, which use social engineering tactics to target and manipulate specific users.
    These emails may include convincing LinkedIn branding and display name spoofing, with messages such as, "You appeared in 200 searches last week. Click here to connect with these companies." Instead of taking the user to LinkedIn, however, such malicious links could do anything from download a Trojan horse to harvest LinkedIn logins and passwords.
  3. Combination attacks. A threat actor might use both the LinkedIn platform and email in a phishing campaign. After successfully connecting with a target via a fake profile, for example, an attacker can then reference the LinkedIn connection in an introductory email to build credibility and lower the recipient's guard. That email might include a phishing link or an attachment with malware.
Once a threat actor has connected with one person, they can use that connection to access the rest of the subscriber's network and build trust among those contacts.

3 ways to avoid falling for LinkedIn phishing scams

LinkedIn users can take a few important steps to avoid falling victim to these types of attacks:

Stay vigilant and do some research before accepting new connection requests

A quick look at a person's education, experience and connections sometimes reveals obvious red flags. According to LinkedIn: "A profile may be fake if it appears empty or if it contains profanity, fake names or impersonates public figures."

On the other hand, as noted above, just because a profile passes the initial sniff test doesn't mean it's legitimate. Stay alert for even small inconsistencies, and be particularly cautious about accepting requests from strangers.

One useful tactic is to check whether a profile picture appears elsewhere under another name, as cybercriminals often steal others' photos to use in LinkedIn phishing scams. Try using Google's reverse image search feature or a reverse image search engine, such as TinEye.

It's worth noting, however, that unique, AI-generated images likely wouldn't show up in a reverse image search. LinkedIn said it has introduced a deep learning-based model to detect such pictures and block associated accounts, as part of the platform's automated anti-abuse defenses.

Use new LinkedIn features to recognize fake profiles

In late 2022, LinkedIn rolled out several features to help combat fake profiles and phishing activity on the site.

The "About this profile" feature can be particularly helpful for users, as it shows the following:

  • When a profile was created.
  • When a profile was last updated.
  • Whether the user has successfully verified a work email, government-issued ID or workplace with LinkedIn.

A profile that was only recently created and hasn't taken any verification steps may be cause for concern, especially in the context of other suspicious behavior.

LinkedIn said it has also started adding warnings to some in-platform messages that contain "high-risk content." For example, if a contact suggests connecting on another platform, such as email or WhatsApp, that may indicate phishing activity. If they choose, users who receive these warnings can report the suspicious messages without alerting the senders.

Be alert when receiving emails that appear to come from LinkedIn

Upon receiving an email that looks like it's from LinkedIn, first, check the sender's domain. If it says @linkedin.com, @e.linkedin.com or @el.linkedin.com, then it is legitimate. Any other domain means the email is a phishing attempt, so delete it immediately and consider reporting it to [email protected].

According to the social media provider, common fake LinkedIn phishing emails include subject lines such as the following:

  • "Account suspended."
  • "LinkedIn closing & termination of your account."
  • "LinkedIn profile security alert."
  • "Your account will be terminated."

In the future, attackers will likely turn to generative AI and deepfake AI technologies to create highly convincing text, audio and video for LinkedIn phishing campaigns. End users and businesses must continue to exercise caution and employ trust-but-verify principles when interacting on LinkedIn and other social media platforms, as attack methods continue to evolve.

Dig Deeper on Application and platform security