Jan 16, 2026 · 5 min read
LinkedIn's New Phishing Scam Looks Like an Official Warning—Don't Fall For It
Cybercriminals are impersonating LinkedIn in comment sections to steal your credentials. The fake warnings look convincing, but there are clear signs to spot them.
You post an update on LinkedIn. Minutes later, a comment appears from what looks like LinkedIn itself, warning that your account has been flagged for policy violations. Your profile is "temporarily restricted," and you need to verify your identity immediately or face suspension.
It looks official. The branding is right. The urgency feels real.
It's a scam. And it's catching professionals off guard across the platform.
How the LinkedIn Comment Scam Works
According to BleepingComputer, scammers have developed a sophisticated attack that exploits LinkedIn's comment system. Here's the playbook:
Step 1: Create a fake company page. Attackers register pages with names like "Linked Very" or "LinkedIn Support" and copy official LinkedIn branding—logos, colors, and professional language.
Step 2: Post fake warning comments. Using these impersonator accounts, they reply to posts claiming the user has violated platform policies. The comments warn of account restrictions and demand immediate verification.
Step 3: Mask malicious links. Some attacks abuse LinkedIn's own URL shortener (lnkd.in) to make phishing links appear legitimate. Others use multistage redirects through cloud services to evade detection.
Step 4: Harvest credentials. Victims land on fake LinkedIn login pages designed to capture usernames and passwords. Some campaigns go further, collecting additional personal information through fake "appeal forms."
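The four steps above describe a pattern that can be triaged mechanically: a brand-lookalike display name, account-warning language in a public comment, and a link that is either shortened or points off-platform. The following Python script is an added example, not code from the article or from LinkedIn; the name heuristics, the `Comment` structure with its assumed `author_is_verified_linkedin` flag, and the sample comments (including the placeholder `lnkd.in` and `appeal-form.example` links) are all constructed for illustration.

```python
"""Triage public comments for the LinkedIn-impersonation pattern.

Added example with assumed heuristics; the sample comments are constructed.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

BRAND = "linkedin"
OFFICIAL_HOSTS = {"linkedin.com", "www.linkedin.com"}
SHORTENER_HOSTS = {"lnkd.in"}  # LinkedIn's own shortener, abused to hide the destination
URGENCY = re.compile(r"\b(policy violation|restricted|suspend\w*|verify|appeal)\b", re.I)
URL_RE = re.compile(r"""https?://[^\s<>"')]+""")


@dataclass
class Comment:
    author_name: str
    author_is_verified_linkedin: bool  # assumed platform flag, not a real LinkedIn field
    text: str


def normalize(name: str) -> str:
    """Lowercase and drop spaces/punctuation so 'Linked In' and 'Linked-In' compare equal."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_like_brand(name: str) -> bool:
    """True when a display name imitates the LinkedIn brand.

    Catches the article's 'Linked Very' / 'LinkedIn Support' style names as well as
    near-misspellings such as 'Linkedln' (lowercase L for capital I) or 'Linkdin'.
    """
    n = normalize(name)
    if BRAND in n or n.startswith("linked"):
        return True
    w = len(BRAND)
    return any(edit_distance(n[i:i + w], BRAND) <= 2
               for i in range(max(1, len(n) - w + 1)))


def suspicious_links(text: str) -> list[tuple[str, str]]:
    """Return (url, reason) for links that are shortened or leave the platform."""
    out = []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENER_HOSTS:
            out.append((url, "shortener hides the real destination"))
        elif host not in OFFICIAL_HOSTS:
            out.append((url, "off-platform host"))
    return out


def triage(c: Comment) -> tuple[str, list[str]]:
    """Score one comment; two or more independent signals is treated as phishing."""
    reasons = []
    if looks_like_brand(c.author_name) and not c.author_is_verified_linkedin:
        reasons.append(f"author name imitates LinkedIn: {c.author_name!r}")
    if URGENCY.search(c.text):
        # LinkedIn states it never delivers policy warnings via public comments,
        # so this language in a comment is itself a signal.
        reasons.append("account-warning language in a public comment")
    for url, why in suspicious_links(c.text):
        reasons.append(f"link {url}: {why}")
    verdict = "phishing" if len(reasons) >= 2 else ("review" if reasons else "ok")
    return verdict, reasons


# Constructed samples; the links are placeholders, not real campaign URLs.
SAMPLES = [
    Comment("Linked Very", False,
            "Your account has been flagged for policy violations and is temporarily "
            "restricted. Verify now: https://lnkd.in/example-placeholder"),
    Comment("Jane Doe", False, "Great post, thanks for sharing!"),
    Comment("LinkedIn Support", False,
            "Policy violation detected. Submit an appeal at "
            "https://appeal-form.example/linkedin"),
]

if __name__ == "__main__":
    for c in SAMPLES:
        verdict, reasons = triage(c)
        print(f"{verdict:9} {c.author_name!r}")
        for r in reasons:
            print("   -", r)
```

The verdict threshold is deliberately conservative: a single off-platform link in a friendly comment only earns "review", while a brand-lookalike name combined with restriction language is enough to call it phishing, which is exactly the combination the article describes.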
LinkedIn's Official Statement
LinkedIn has confirmed awareness of the campaign and issued a clear warning:
"LinkedIn does not and will not communicate policy violations to our members through public comments."
Any comment claiming to be from LinkedIn warning about account issues is fraudulent. Period. Real policy notifications come through official channels: direct messages from LinkedIn, emails from linkedin.com addresses, or notifications in your account settings.
Why Your LinkedIn Credentials Matter More Than You Think
A compromised LinkedIn account isn't just a social media problem. It's a gateway to much larger attacks.
- Professional network access. Attackers can message your connections pretending to be you, spreading malware or launching targeted phishing against your colleagues and business contacts.
- Business email compromise. LinkedIn profiles reveal job titles, company names, and reporting structures. This information fuels convincing spear phishing emails that trick finance teams into wiring money or sharing sensitive data.
- Password reuse exploitation. Many professionals use the same password across multiple platforms. A LinkedIn credential often unlocks email accounts, corporate systems, and financial services.
- Identity theft foundation. Your LinkedIn profile contains employment history, education, skills, and connections—everything needed to build a convincing fake identity or answer security questions on other accounts.
How to Spot and Avoid This Scam
Protecting yourself requires recognizing the warning signs:
- Ignore policy warnings in comments. LinkedIn never, under any circumstances, communicates account issues through comment replies. Any such message is fake.
- Check the commenter's profile. Click through to the account posting the warning. Fake profiles often have minimal connections, recent creation dates, and slight misspellings in their names.
- Never click verification links from comments. If you're genuinely concerned about your account status, navigate directly to linkedin.com, log in normally, and check your notifications and settings.
- Report suspicious comments. Use LinkedIn's reporting feature to flag fake accounts and scam comments. This helps protect other users from falling victim.
- Enable two-factor authentication. Even if attackers obtain your password, they can't access your account without the second verification step.
The Browser-in-Browser Connection
This LinkedIn campaign often employs browser-in-browser phishing—a technique where a fake login popup looks like a genuine browser window but is actually an embedded web page designed to steal credentials.
The telltale test: try dragging any login popup outside your browser window. Real popups move freely because they are separate windows. Fake ones are trapped inside the page because they're drawn with HTML and CSS and cannot cross the edge of the tab that renders them.
If a popup won't leave your browser window, close everything and navigate to the site directly.
Phishing Starts in Your Inbox
While this particular attack originates on LinkedIn, the same criminals run parallel campaigns through email. Fake LinkedIn notifications, connection requests from impersonators, and urgent account warnings flood inboxes daily.
These emails often contain tracking pixels that confirm your address is active and monitor when you open messages. That intelligence helps attackers refine their targeting and timing.
Blocking these invisible trackers removes a key piece of reconnaissance that makes phishing campaigns successful. When attackers can't tell if you opened their message or clicked their link, they lose the feedback loop that helps them improve their attacks.
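Tracking pixels are ordinary `<img>` tags with a few giveaway properties: an external source, a tiny or hidden rendering, and a per-recipient token in the URL. The Python below is an added example, not code from the article or from any mail client; it uses the standard-library `html.parser` to find such images in an email body and to strip them before rendering. The heuristics and the sample email (with placeholder `example.invalid` hosts and a constructed token) are assumptions for illustration.

```python
"""Find and strip tracking pixels from an HTML email body.

Added example with assumed heuristics; the sample email is constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


def _tiny(value) -> bool:
    """True for width/height attributes of 1px or smaller (or '0')."""
    try:
        return int(str(value).strip().lower().rstrip("px")) <= 1
    except ValueError:
        return False


class PixelFinder(HTMLParser):
    """Collects <img> tags that look like open-tracking beacons."""

    def __init__(self):
        super().__init__()
        self.pixels = []  # dicts: {"src", "reasons", "raw"}

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        # Inline (cid:) or data: images cannot call home, so only remote sources count.
        if not src.lower().startswith(("http://", "https://")):
            return
        reasons = []
        if _tiny(a.get("width")) and _tiny(a.get("height")):
            reasons.append("renders at 1x1 or smaller")
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by CSS")
        if urlparse(src).query:
            reasons.append("carries a query string (likely a recipient token)")
        if reasons:
            self.pixels.append({"src": src, "reasons": reasons,
                                "raw": self.get_starttag_text()})


def find_tracking_pixels(html: str) -> list[dict]:
    """Return one record per suspected tracking pixel in the email body."""
    finder = PixelFinder()
    finder.feed(html)
    finder.close()
    return finder.pixels


def strip_tracking_pixels(html: str) -> str:
    """Remove the offending <img> tags so the client never fetches them."""
    cleaned = html
    for p in find_tracking_pixels(html):
        cleaned = cleaned.replace(p["raw"], "", 1)
    return cleaned


# Constructed sample: a logo (legitimate), a classic hidden 1x1 beacon, and a 0x0 spacer.
SAMPLE_EMAIL = """<html><body>
<img src="https://www.linkedin.com/logo.png" width="120" height="40" alt="LinkedIn">
<p>Your account has an urgent notice. <a href="https://example.invalid/verify">Verify now</a></p>
<img src="https://track.example.invalid/open?rid=constructed-token-123" width="1" height="1" style="display:none">
<img src="https://cdn.example.invalid/spacer.gif" width="0" height="0">
</body></html>"""

if __name__ == "__main__":
    for p in find_tracking_pixels(SAMPLE_EMAIL):
        print(p["src"], "->", "; ".join(p["reasons"]))
    print(strip_tracking_pixels(SAMPLE_EMAIL))
```

The visible logo survives because it is a normally sized image with no token, while both beacons are dropped; stripping the tag, rather than just blocking the request, also keeps the client from leaking the fetch through link prefetching or image caching.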
Every layer of protection you add—from two-factor authentication to email tracking blockers—makes you a harder target. And harder targets get skipped for easier victims.