Ethical Hacking News

A Slick Scam: How Phishers are Exploiting LinkedIn's Comment Reply Feature to Steal User Credentials


LinkedIn users have been targeted with fake comments that appear to be from the platform itself, warning them of bogus policy violations and urging them to visit an external link. These comments use the company's official logo and URL shortener, making it difficult for users to distinguish between legitimate and phishing links.

  • Phishing scams on LinkedIn are becoming increasingly sophisticated, using fake comments that appear to be from the platform itself.
  • Fake company pages with LinkedIn's official logo have been popping up on the site, sharing bogus policy violations and phishing links.
  • The scammers use convincing branding, including LinkedIn's official URL shortener, to make it difficult for users to distinguish between legitimate and phishing links.
  • Users should remain vigilant, avoid interacting with suspicious comments, replies, or private messages, and report any suspicious behavior to LinkedIn.



    Phishing scams have become increasingly sophisticated, and one of the latest tactics used by scammers is exploiting the comment reply feature on LinkedIn. In recent days, users have been targeted with fake comments that appear to be from LinkedIn itself, warning them of bogus policy violations and urging them to visit an external link. These comments are so convincing that they even use the company's official logo and URL shortener, making it difficult for users to distinguish between legitimate and phishing links.

    The scam involves fake company pages using LinkedIn's official logo and a variation of the platform's name, such as "Linked Very." These pages popped up on the professional networking site in the past week, and their content has since been taken down by LinkedIn. However, before the page was removed, it was shared by several users who claimed that they had encountered similar posts.

    These fake comments appear to be from LinkedIn itself, warning users of bogus policy violations and urging them to visit an external link.
    The messages convincingly impersonate LinkedIn branding and in some cases even use the company’s official lnkd.in URL shortener, making the phishing links harder to distinguish from legitimate ones. The fabricated reply bearing the LinkedIn logo appears fairly convincing depending on how viewers are interacting with the comments area and on what device.

    Fake LinkedIn reply-comment urging users to visit a phishing page
    The example shared above shows an alphanumeric ".app" domain that is not associated with LinkedIn and may raise suspicion among some users. However, other posts take this lure a step further by masking the destination links via LinkedIn's official URL shortener, lnkd.in, making phishing domains harder to spot without clicking on them.

    This can be especially concerning if the link preview does not fully appear on certain devices. The very1929412.netlify.app phishing site, seen by BleepingComputer, first elaborates on the false "temporary restriction" and advises the viewer that they need to "verify" their identity to lift the restriction:

    First LinkedIn phishing domain (BleepingComputer)
    When clicked, the "Verify your identity" button directs the user to yet another phishing domain, https://very128918.site, which is where credential harvesting actually occurs:

    Second LinkedIn-themed phishing domain harvesting credentials
    (BleepingComputer)
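The two-stage flow described above (branded comment, shortened or look-alike link, then a "verify your identity" page on a domain LinkedIn does not own) is what a moderation or abuse-review pipeline would want to flag before a user clicks. The script below is an added example, not code from the article, BleepingComputer or LinkedIn. It triages comment text by extracting links, expanding lnkd.in links through a lookup table (a constructed stand-in for following the shortener's HTTP redirect offline; the token `example-fake-token` is made up, the destination hosts are the two domains the article names), and combining the link verdict with the lure wording the article describes. The regexes, the LinkedIn host allowlist and the three-level verdict are this example's own assumptions.

```python
import re
from urllib.parse import urlparse

# Hosts treated as LinkedIn's own (assumption: a minimal allowlist for this example).
# lnkd.in is LinkedIn's shortener, but a link through it only counts as "LinkedIn"
# once its destination is known, so it is expanded rather than allowlisted.
LINKEDIN_DOMAINS = ("linkedin.com",)
SHORTENER_HOSTS = ("lnkd.in",)

# Constructed stand-in for following the shortener redirect. In production you
# would issue a HEAD request and read the Location header; here the mapping is
# fixed so the example runs offline. The path token is invented; the target is
# the first-stage domain the article reports.
SHORTENER_EXPANSIONS = {
    "https://lnkd.in/example-fake-token": "https://very1929412.netlify.app/",
}

# Lure wording from the article: a bogus violation or restriction plus a demand
# to "verify". These patterns are assumptions, not a published rule set.
LURE_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (
        r"policy violation",
        r"temporar\w* restrict",
        r"verify your (identity|account)",
        r"account (has been|will be) (suspended|restricted|limited)",
    )
]

URL_RE = re.compile(r"https?://[^\s\"'<>)\]]+")


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    return (urlparse(url).hostname or "").lower()


def is_linkedin_host(host):
    return any(host == d or host.endswith("." + d) for d in LINKEDIN_DOMAINS)


def resolve(url):
    """Return (final_url, resolved). resolved is False when a shortener link
    could not be expanded, so its destination cannot be trusted."""
    if host_of(url) in SHORTENER_HOSTS:
        target = SHORTENER_EXPANSIONS.get(url.rstrip("/"))
        return (url, False) if target is None else (target, True)
    return url, True


def assess_comment(text):
    """Classify a comment as 'suspicious', 'review' or 'benign'."""
    urls = [u.rstrip(".,;:!?") for u in URL_RE.findall(text)]
    external, unresolved = [], []
    for url in urls:
        final, ok = resolve(url)
        if not ok:
            unresolved.append(url)
        elif not is_linkedin_host(host_of(final)):
            external.append(host_of(final))
    lures = [p.pattern for p in LURE_PATTERNS if p.search(text)]
    if lures and (external or unresolved):
        verdict = "suspicious"      # lure wording AND a link that leaves LinkedIn
    elif lures or external or unresolved:
        verdict = "review"          # one signal only: worth a human look
    else:
        verdict = "benign"
    return {"verdict": verdict, "external_hosts": external,
            "unresolved": unresolved, "lure_hits": lures}


# Constructed sample comments for the demo.
SAMPLE_COMMENTS = [
    "LinkedIn Support: Your account has a temporary restriction due to a policy "
    "violation. Verify your identity to lift it: https://lnkd.in/example-fake-token",
    "Policy violation detected. Verify your account at https://very128918.site/login.",
    "Great write-up, see also https://www.linkedin.com/help/linkedin/ for the official docs.",
    "Reminder: a policy violation notice is only ever sent via https://www.linkedin.com/help/",
    "Check this out https://lnkd.in/unknown-token",
]

if __name__ == "__main__":
    for c in SAMPLE_COMMENTS:
        r = assess_comment(c)
        print(f"{r['verdict']:<10} external={r['external_hosts']} "
              f"unresolved={r['unresolved']} lures={len(r['lure_hits'])}")
```

The key design point is that an lnkd.in link is neither trusted nor rejected on sight: the verdict depends on where it lands, and a shortener link that cannot be expanded is treated as unknown rather than safe, which is exactly the case the article warns about when the link preview does not render on a given device.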

    In 2023, BleepingComputer first reported a convincing X (then Twitter) scam in which accounts impersonating major banks replied to customers' complaints directed at the real institutions, urging them to contact a scammer-controlled phone number.

    LinkedIn is aware of this ongoing campaign and has confirmed that they are working to take action. A LinkedIn spokesperson stated to BleepingComputer: "I can confirm that we are aware of this activity and our teams are working to take action... It's important to note that LinkedIn does not and will not communicate policy violations to our members through public comments, and we encourage our members to make a report if they encounter this suspicious behavior. This way we can review and take the appropriate action."

    Users should remain vigilant and avoid interacting with comments, replies, or private messages that appear to impersonate LinkedIn and urge recipients to click external links.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/A-Slick-Scam-How-Phishers-are-Exploiting-LinkedIns-Comment-Reply-Feature-to-Steal-User-Credentials-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/convincing-linkedin-comment-reply-tactic-used-in-new-phishing/


  • Published: Tue Jan 13 09:51:01 2026 by llama3.2 3B Q4_K_M
    © Ethical Hacking News . All rights reserved.