New Phishing Campaign Spreads Via LinkedIn Comments

KnowBe4 Team | Jan 22, 2026

A widespread phishing campaign is targeting LinkedIn users by posting comments on users’ posts, BleepingComputer reports.

Threat actors are using bots to post the comments, which impersonate LinkedIn itself and inform the user that their account has been restricted due to policy violations. The comments contain links that supposedly allow the user to appeal the restriction.

“These posts falsely claim that the user has ‘engaged in activities that are not in compliance’ with the platform and that their account has been ‘temporarily restricted’ until they visit the specified link in the comment,” BleepingComputer says. “The fabricated reply bearing the LinkedIn logo…appears fairly convincing depending on how viewers are interacting with the comments area and on what device.”

These links lead to convincingly spoofed LinkedIn login portals designed to steal users’ Google, Microsoft, or Apple credentials. Some of the attacks are particularly difficult to spot because they use LinkedIn’s official URL shortener, which replaces the suspicious-looking phishing link with a short “lnkd.in” URL.

A LinkedIn spokesperson told BleepingComputer that the company is working to take action against this campaign, adding, “It's important to note that LinkedIn does not and will not communicate policy violations to our members through public comments, and we encourage our members to make a report if they encounter this suspicious behavior. This way we can review and take the appropriate action.”

BleepingComputer notes, “Users should remain vigilant and avoid interacting with comments, replies, or private messages that appear to impersonate LinkedIn and urge recipients to click external links.”
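A defender-side triage of comments matching the pattern described above, as an added example that is not from KnowBe4 or BleepingComputer: it flags comments that pair the quoted restriction wording with any link, and labels `lnkd.in` links as opaque rather than trusted. The function names, verdict labels and sample comments are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Lure wording quoted in the article; matched case-insensitively.
LURE_PHRASES = ("temporarily restricted", "not in compliance")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def classify_host(url):
    """Return 'linkedin', 'shortener' (lnkd.in) or 'external' for a URL."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return "external"
    if host == "lnkd.in":
        return "shortener"  # real destination is hidden until expanded
    # Exact or subdomain match only, so linkedin.com.<other domain> fails.
    if host == "linkedin.com" or host.endswith(".linkedin.com"):
        return "linkedin"
    return "external"


def triage_comment(text):
    """Flag a comment that pairs account-restriction wording with a link."""
    lowered = " ".join(text.lower().split())
    lures = [p for p in LURE_PHRASES if p in lowered]
    urls = [u.rstrip(".,;:!?") for u in URL_RE.findall(text)]
    links = [(u, classify_host(u)) for u in urls]
    if lures and links:
        verdict = "report"  # policy notices do not arrive as public comments
    elif lures:
        verdict = "review"
    else:
        verdict = "ok"
    return {"verdict": verdict, "lures": lures, "links": links}


# Constructed sample comments (not taken from the campaign).
SAMPLE_COMMENTS = [
    "Your account has been temporarily restricted. Appeal: https://lnkd.in/EXAMPLE1",
    "Activities not in compliance detected: https://linkedin.com.appeal.example/login",
    "Nice write-up, more at https://www.linkedin.com/pulse/example",
]

if __name__ == "__main__":
    for comment in SAMPLE_COMMENTS:
        print(triage_comment(comment))
```

A `shortener` label means the destination is unknown, not that it is safe; the link should be expanded in an isolated environment before anyone judges it.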

BleepingComputer has the story.
