Convincing LinkedIn Comment-Reply Tactic Used in New Phishing

Social networking platforms have become fertile ground for sophisticated phishing attacks, and LinkedIn’s latest campaign illustrates how threat actors weaponize trusted brand elements. By posting comment‑reply messages that appear to come from LinkedIn itself, scammers create a sense of urgency around alleged policy violations. The use of the platform’s native lnkd.in shortener further obscures the true destination, allowing malicious actors to bypass casual URL scrutiny and lure users into credential‑harvesting sites. This approach reflects a broader shift toward context‑aware social engineering that blends seamlessly with everyday professional interactions.

Technically, the abuse of lnkd.in masks the underlying .app or .site domains, which are often flagged by security tools only when the full URL is exposed. When the shortened link is rendered in a comment preview, many devices truncate the display, preventing users from seeing the suspicious domain. Additionally, fake company pages—named variations like "Linked Very"—duplicate LinkedIn’s logo and visual style, further blurring the line between authentic and fraudulent content. Such tactics complicate automated detection, forcing security teams to rely on behavioral analysis and community reporting to identify patterns of abuse.

LinkedIn’s response, confirming awareness and encouraging reports, underscores the importance of a coordinated defense. Professionals should treat any unsolicited comment requesting verification or account action as suspicious, especially when it includes external links. Best practices include verifying messages through official channels, avoiding clicks on shortened URLs, and leveraging browser extensions that expand short links before navigation. As platforms continue to integrate richer interaction features, ongoing user education and robust moderation will be critical to maintaining trust and safeguarding the professional ecosystem.