Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Warning: A LinkedIn Phishing Campaign is Targeting Executives

    KnowBe4 Team | Feb 3, 2026

    Facebook Disrupts Social Engineering OperationA phishing campaign is abusing LinkedIn private messages to target executives and IT workers, according to researchers at ReliaQuest. The messages attempt to trick victims into opening an archive file, which will install a legitimate pentesting tool.

    “A critical element of this attack was the use of a legitimate, open-source Python script designed for pen-testing,” ReliaQuest says. “Relying on publicly available tools means less effort for attackers and allows them to reduce costs and detection risks—all while lowering the technical barrier to entry.”

    The researchers stress that the abuse of legitimate tools makes the campaign more likely to bypass security defenses.

    “In this campaign, attackers used WinRAR and Python, but similar tactics could extend to other widely used tools, such as PowerShell,” the researchers write. “These tools are integral to daily operations, making it impractical for organizations to block them entirely. This highlights the ongoing challenge of distinguishing between legitimate activity and malicious behavior, leaving organizations vulnerable to similar attacks.

    “What’s more, as organizations increasingly rely on social media platforms for business and marketing purposes, these channels create new attack surfaces. Employees managing corporate social media accounts or engaging on these platforms are exposed to phishing attempts in environments with minimal security controls.”

    Employees need to maintain a healthy sense of suspicion across all online platforms in order to avoid falling for social engineering attacks.

    “This campaign serves as a reminder that phishing isn’t confined to email inboxes,” the researchers write. “Phishing attacks take place over alternative channels like social media, search engines, and messaging apps—platforms that many organizations still overlook in their security strategies. Social media platforms, especially those frequently accessed on corporate devices, provide attackers with direct access to high-value targets like executives and IT administrators, making them invaluable to cybercriminals.”

    ReliaQuest has the story.

    Topics: Social Engineering Phishing Human Risk Management

    Discover Your Organization’s Phish-prone™ Percentage

    Ninety-one percent of data breaches begin with spear phishing. Launch our Free Phishing Security Test for up to 100 users to uncover your team's vulnerability and see how your security posture stacks up against industry benchmarks.

    Get Your Free Phishing Security Test

    Secure the Digital Workforce: Human + AI

    KnowBe4 empowers the human and AI workforce to make safer security decisions every day. Trusted by over 70,000 organizations worldwide, we help strengthen security culture and manage risk. Our comprehensive AI-driven platform includes awareness and compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, agent security and more. As the only global security platform of its kind, KnowBe4 provides personalized content, tools, and techniques to keep the modern workforce safe from phishing, vishing, deepfakes, and emerging threats.

    KnowBe4 Team

    ABOUT KNOWBE4 TEAM

    The KnowBe4 Team delivers timely, expert-driven insights on cybersecurity trends, emerging threat intelligence, human risk and agent security best practices, compliance strategies and industry research to help organizations strengthen their digital defense layer and stay informed, resilient, and secure.

    Read more from KnowBe4 »

    Subscribe to Our Blog

    We Train Humans and AI Agents. Socially engineered or prompt engineered? It's all human risk. Learn more

    Posts By Topic

    View All

    Get the latest insights, trends and security news. Subscribe to CyberheistNews.