
Convincing LinkedIn comment-reply tactic used in new phishing


Scammers are flooding LinkedIn posts this week with fake "reply" comments that appear to come from the platform itself, warning users of bogus policy violations and urging them to visit an external link.

The messages convincingly impersonate LinkedIn branding and in some cases even use the company’s official lnkd.in URL shortener, making the phishing links harder to distinguish from legitimate ones.

'Access to your account is temporarily restricted'

Over the past few days, LinkedIn users have been targeted with bot-like activity from several LinkedIn-themed profiles commenting on their posts.

These posts falsely claim that the user has "engaged in activities that are not in compliance" with the platform and that their account has been "temporarily restricted" until they visit the specified link in the comment.

The fabricated reply bearing the LinkedIn logo, shown below and archived here, appears fairly convincing depending on how viewers are interacting with the comments area and on what device.

Fake LinkedIn reply-comment urging users to visit a phishing page

The link preview generated in the crafted reply also states: "We take steps to protect your account when we detect signs of potential unauthorized access. This may include logins from unfamiliar locations or..."

The example shared above shows an alphanumeric ".app" domain that is not associated with LinkedIn and may raise suspicion among some users. However, other posts take this lure a step further by masking the destination links via LinkedIn's official URL shortener, lnkd.in, making phishing domains harder to spot without clicking on them. This can be especially concerning if the link preview does not fully appear on certain devices.
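For defenders triaging reported comments, the point above is that an lnkd.in host proves nothing about where a link leads. The following is an added example, not code from the article or from LinkedIn: it classifies a link by its final destination rather than its visible host. The redirect table, the `offline_resolve` helper and all URLs in it are constructed assumptions standing in for a real lookup.

```python
from urllib.parse import urlsplit

TRUSTED = ("linkedin.com",)   # domains treated as LinkedIn's own
SHORTENERS = ("lnkd.in",)     # opaque hosts: the name says nothing about the target
MAX_HOPS = 5

# Constructed redirect table standing in for real lookups (all values are made up).
CONSTRUCTED_REDIRECTS = {
    "https://lnkd.in/eXAMPLE1": "https://acct-review-x7k2.example/verify",
    "https://lnkd.in/eXAMPLE2": "https://www.linkedin.com/help/linkedin",
    "https://lnkd.in/eLOOP": "https://lnkd.in/eLOOP",
}

def offline_resolve(url):
    """Hypothetical resolver: return the redirect target, or None if unknown."""
    return CONSTRUCTED_REDIRECTS.get(url)

def host_of(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def in_domain(host, domains):
    # Exact match or true subdomain; "linkedin.com.evil.example" does not match.
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(url, resolve=offline_resolve):
    """Return (verdict, final_url) where verdict is linkedin/external/unresolved."""
    seen, current = [], url
    for _ in range(MAX_HOPS):
        if not in_domain(host_of(current), SHORTENERS):
            break                      # reached a non-shortener destination
        seen.append(current)
        nxt = resolve(current)
        if nxt is None or nxt in seen:
            return ("unresolved", current)   # dead link or redirect loop
        current = nxt
    else:
        return ("unresolved", current)       # still a shortener after MAX_HOPS
    verdict = "linkedin" if in_domain(host_of(current), TRUSTED) else "external"
    return (verdict, current)

if __name__ == "__main__":
    for link in CONSTRUCTED_REDIRECTS:
        print(link, "->", triage(link))
```

In live use, the `resolve` argument would be replaced by a lookup that reads the redirect target from an isolated analysis host without rendering the page.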

Examples of such replies and comments were shared by several LinkedIn members, including Ratko Ivekovic, Jocelyn M., Candyce Edelen, and Adama Coulibaly.
